Re: [clamav-users] Generating signatures for malware

2012-08-31 Thread G.W. Haywood
Hi there, On Fri, 31 Aug 2012, Maarten Broekman wrote: I see where your confusion comes from. I'm not generating pdb signatures. I'm generating ndb signatures ... Sorry, bit of a senior moment there. They seem to be creeping up on me lately. :( I had to go back and read http://www.clamav

Re: [clamav-users] Generating signatures for malware

2012-08-30 Thread Dennis Peterson
On 8/30/12 4:21 AM, G.W. Haywood wrote: Please would someone explain to me the use of "{7-8}"? I do not recognize it as valid regular expression syntax. Here is an example used in a Sane Security signature: http://sane.mxuptime.com/s.aspx?id=Sanesecurity.Phishing.Auction.1749 It is an offs

Re: [clamav-users] Generating signatures for malware

2012-08-30 Thread Maarten Broekman
> -Original Message- > > Some of the phishing content that I'm finding is resulting in hex > > dumps in the 10k+ character range and I think it's more dangerous to > > replace sections with '*' than to replace certain substrings with > > specific length wildcards. > > Please would someone

Re: [clamav-users] Generating signatures for malware

2012-08-30 Thread G.W. Haywood
Hello again, On Thu, 30 Aug 2012, Maarten Broekman wrote: Some of the phishing content that I'm finding is resulting in hex dumps in the 10k+ character range and I think it's more dangerous to replace sections with '*' than to replace certain substrings with specific length wildcards. This br

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Maarten Broekman
> -Original Message- > > > The rate of false positives is wholly dependent on the strings that > > > you are replacing with wildcards. > > > > > > As an example, when generating signatures to identify phishing > > > content (say, content targeting bank customers), I wanted to be > able > >

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread David Raynor
On Wed, Aug 29, 2012 at 10:29 AM, Michael Orlitzky wrote: > On 08/29/2012 09:46 AM, Maarten Broekman wrote: > >> -Original Message- > >> Despite the statement of your objective it isn't clear to me what you > >> think you're going to achieve. My expectation would be a very large > >> incr

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Michael Orlitzky
On 08/29/2012 09:46 AM, Maarten Broekman wrote: >> -Original Message- >> Despite the statement of your objective it isn't clear to me what you >> think you're going to achieve. My expectation would be a very large >> increase in the false positive rates if you attempt to use signatures >>

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Maarten Broekman
> -Original Message- > Despite the statement of your objective it isn't clear to me what you > think you're going to achieve. My expectation would be a very large > increase in the false positive rates if you attempt to use signatures > modified in the way you describe. Can you be more sp

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread G.W. Haywood
Hi there, On Wed, 29 Aug 2012, Maarten Broekman wrote: Does anyone know of a tool that would take strings in a hex signature and turn them into appropriate wildcards? For instance, I want to strip out all the "http://" and "https://" and replace them with {7-8} Your suggested replacement d

[clamav-users] Generating signatures for malware

2012-08-28 Thread Maarten Broekman
Does anyone know of a tool that would take strings in a hex signature and turn them into appropriate wildcards? For instance, I want to strip out all the "http://" and "https://" and replace them with {7-8} to reduce the size of the signature and get more 'useful' strings in the signature? Ther