Discussion:
[clamav-users] winnow FP
(too old to reply)
Alex
2016-04-13 15:20:02 UTC
Permalink
Hi,

I don't understand why themastersbaker.com would be tagged?

# sigtool --find-sigs winnow.spam.ts.untyped.966134 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.untyped.966134
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE:
http://themastersbaker.com/


This isn't currently on any other blacklist. Is this the proper
address to request a winnow removal?

I've already whitelisted it.
Thanks,
Alex
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Al Varnell
2016-04-13 21:43:49 UTC
Permalink
I don’t think you are in the right place as I can’t find that signature (or any remotely resembling it) in the ClamAV official database. I suspect you are using some 3rd party UNOFFICIAL signatures that are detecting that one.

-Al-
Post by Alex
Hi,
I don't understand why themastersbaker.com would be tagged?
# sigtool --find-sigs winnow.spam.ts.untyped.966134 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.untyped.966134
TARGET TYPE: MAIL
OFFSET: *
http://themastersbaker.com/
This isn't currently on any other blacklist. Is this the proper
address to request a winnow removal?
I've already whitelisted it.
Thanks,
Alex
Paul+ ("Paul Whelan")
2016-04-14 07:22:03 UTC
Permalink
Post by Alex
Hi,
I don't understand why themastersbaker.com would be tagged?
# sigtool --find-sigs winnow.spam.ts.untyped.966134 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.untyped.966134
Winnow signatures are distributed by Sanesecurity.com. They have their own mailing list
although Steve does pop-up here as well.

paul

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Steve Basford
2016-04-14 07:39:58 UTC
Permalink
Post by Alex
Hi,
I don't understand why themastersbaker.com would be tagged?
Quick update: FP has already been removed.

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
TR Shaw
2016-04-14 11:16:20 UTC
Permalink
Removed when I saw the original message
Post by Paul+ ("Paul Whelan")
Post by Alex
Hi,
I don't understand why themastersbaker.com would be tagged?
# sigtool --find-sigs winnow.spam.ts.untyped.966134 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.untyped.966134
Winnow signatures are distributed by Sanesecurity.com. They have their own mailing list
although Steve does pop-up here as well.
paul
_______________________________________________
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Loading...