On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
> Another is your assertion that my "initial assumptions" were incorrect > when I suggested that phishing signatures were more likely to create > false positives as a result of being more likely to be matching > plaintext. Which initial assumptions were incorrect? Can you back your > assertion up with anything?
Yes. Of the 126 Phishing signatures, 120 will only match in HTML documents, and 1 will only match in email messages - they aren't plaintext.
Oh, ok. Apparently we have a different definition of plaintext. I generally take anything using only the lower 7 bits (ASCII table) to mean plaintext, and things that use the 8th bit to mean binary. Regardless of your definition of "plaintext", it would seem that my conclusion that phishing signatures that rely exclusively on 7-bit ascii are more likely to have a false positive than binary signatures that use the full 8 bits is correct.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
