Tom Shaw wrote:
At 5:21 PM +0200 10/16/09, Jose-Marcio Martins da Cruz wrote:
Tom Shaw wrote:
Yes it strips out all urls just don't send with a signature that
contains your home url or else it will get processed. Hopefully it will
not return malware so it will be discarded as dead. ;-)
N
At 5:21 PM +0200 10/16/09, Jose-Marcio Martins da Cruz wrote:
Tom Shaw wrote:
As long as you don't obfuscate the url my scripts will isolate the
url or the attached malware and process.
Nice ! Can I send one URL per line ? I have 20 undetected virus.
Yes it strips out all urls just don't
At 8:14 AM -0700 10/16/09, Dennis Peterson wrote:
Tom Shaw wrote:
Tom Shaw wrote:
If you submit a file to virus-samp...@oitc.com I'll process it
for winnow_malware.hdb and at the same time send it to the ClamAV
malware signature team and virustotal to check if others can
detect.
If you s
Tom Shaw wrote:
As long as you don't obfuscate the url my scripts will isolate the url
or the attached malware and process.
Nice ! Can I send one URL per line ? I have 20 undetected virus.
--
---
Jose Marcio MARTINS DA CRUZ
Tom Shaw wrote:
Tom Shaw wrote:
If you submit a file to virus-samp...@oitc.com I'll process it for
winnow_malware.hdb and at the same time send it to the ClamAV malware
signature team and virustotal to check if others can detect.
If you submit a url to malware to virus-samp...@oitc.com I'l
Tom Shaw wrote:
If you submit a file to virus-samp...@oitc.com I'll process it for
winnow_malware.hdb and at the same time send it to the ClamAV
malware signature team and virustotal to check if others can detect.
If you submit a url to malware to virus-samp...@oitc.com
I'lldownload the ma
Tom Shaw wrote:
If you submit a file to virus-samp...@oitc.com I'll process it for
winnow_malware.hdb and at the same time send it to the ClamAV malware
signature team and virustotal to check if others can detect.
If you submit a url to malware to virus-samp...@oitc.com I'lldownload
the ma
Tom Shaw wrote:
Just to clarify winnow_malware.hdb is designed to detect malware
payloads. Thus, it is effective in an email system only when the
payload is attached (such as a dropper, etc). It is also very
effective when used in file system/download checking scenarios.
Thanks to Dennis a
Steve Basford wrote:
The script I use has a bit more finesse than this simple overview. I use a
randomizer to prevent this process from running at the same minute past
the hour
Note there's a *tiny* chance if the script runs at 10.07 and then 11.03,
you'll get temp block for an hour from some o
16.10.2009 10:42, Steve Basford kirjoitti:
I'd use:
phish.ndb
rougue.hdb
winnow_malware_links.ndb
winnow_malware.hdb
Thanks, I have implemented these now with SaneSecurity Script 1.
--
http://www.iki.fi/jarif/
Alas, how love can trifle with itself!
-- William Shakespeare,
Tom Shaw wrote:
Just to clarify winnow_malware.hdb is designed to detect malware
payloads. Thus, it is effective in an email system only when the payload
is attached (such as a dropper, etc). It is also very effective when
used in file system/download checking scenarios.
Thanks to Dennis a
At 8:42 AM +0100 10/16/09, Steve Basford wrote:
> The script I use has a bit more finesse than this simple overview. I use a
randomizer to prevent this process from running at the same minute past
the hour
Note there's a *tiny* chance if the script runs at 10.07 and then 11.03,
you'll get t
> The script I use has a bit more finesse than this simple overview. I use a
> randomizer to prevent this process from running at the same minute past
> the hour
Note there's a *tiny* chance if the script runs at 10.07 and then 11.03,
you'll get temp block for an hour from some of the mirrors, dep
13 matches
Mail list logo
