[sanesecurity] Changes

  • From: Steve Basford <steveb_clamav@xxxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx, sanesecurity_announce@xxxxxxxxxxxxx
  • Date: Thu, 18 Feb 2010 20:37:53 +0000

Hi All,

A few changes to update you all on:

Spear.ndb change(s)

* Fixed signature naming on certain feed types.

* To have an address removed from the APER feed list (used by spear.ndb and scamnailer.ndb), take a look here: http://code.google.com/p/anti-phishing-email-reply/

* In order to help reduce situations where universities have cleaned up compromised accounts, I've removed ac.uk/edu and k12 accounts *over 60 days* from the main APER feed. This has reduced the signatures from 11,508 to 10,908 at the time of writing. Feedback welcome, if you want this reduced to say 30 days.

* I'll look into more optimisations of the feed at a later date.

Note:

* scamnailer.ndb will still include all the feed data from APER, as well as other spear phishing links

* phish.ndb also contains generic spear phishing signatures, usually called Sanesecurity.Phishing.Fake.xxxxx, if you are having problems with spear phishing.

Email address change(s)

Previously, samples/false positive reports should have been sent to steveb (AT) webtibe.net. As the provider of this address is closing their email service in the next couple of months, I've now set up a couple of new addresses to use instead:

* Missed Samples should be sent to: samples (AT) sanesecurity.me.uk (other automated feeds will have their own address)

* False Positive samples should be sent to: false_positive (AT) sanesecurity.me.uk

Cheers,

Steve
Sanesecurity
