Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: jumba on March 04, 2011, 11:08:52 AM

Title: SOLVED: ClamAV blocking lots of mails with false positive?
Post by: jumba on March 04, 2011, 11:08:52 AM

Starting today, it seems like ClamAV blocks lots of mail refering to a "

MBL_144360.UNOFFICIAL" which is most certainlly a FALSE POSITIVE (Several other threads on internet discussing this as well right now...)

It's submitted to bugtracker:

http://bugs.contribs.org/show_bug.cgi?id=6541 (http://bugs.contribs.org/show_bug.cgi?id=6541)

Any solutions should be published here as well, I think, so that as many as possible can apply solution ASAP.

Edit: For full discussion and/or solution, please see bugtracker...

Title: Re: SOLVED: ClamAV blocking lots of mails with false positive?
Post by: shawnbishop on March 05, 2011, 06:50:28 PM

With my servers it was getting progressively worse, eventually all xls, csv documents were being blocked.

I had to uninstall sane-security extra contribs...as per the following, will wait until Clam AV upgraded to 0.97

http://wiki.contribs.org/Virus:Additional_Signatures#Uninstall

Title: Re: SOLVED: ClamAV blocking lots of mails with false positive?
Post by: Knuddi on March 07, 2011, 08:35:30 PM

This had nothing to do with an outdated Clam installation (I run 0.97 and had the same). This is due to a bad signature from MBL that was fixed again Sat. afternoon. This unfortunately happen - Humans are involved...

I have used these extra signatures for the last 2year+ and this is the first "bummer"