[sanesecurity] Re: False Positive?

• From: Bill Landry <bill@xxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Fri, 30 Oct 2009 08:10:15 -0700

Steve Basford wrote:
>> Ok, I need a bit of help here.  I have had a couple of messages blocked
>> because of this signature.  I decoded it, but the result doesn't make
>> sense other than the word Halloween is in it. The message has the word
>> Halloween in it plus a link to some images stored at www {dot} wtv
>> {dash} zone {dot} com {slash} angleimage.
> 
> Hi Lyle,
> 
> Thanks for the report... I've removed the sig... and mirrors updated.
> 
>> False positive maybe?  Maybe someone could tell me how to read that
>> signature...
> 
> A simple decoder is here, but it does decode 100%:
> 
> http://sanesecurity.co.uk/decodesigs.htm
> 
> If anyone could code a proper sig decoder for the web, that would be great :)

Steve, feel free to use the perl code snippet that I have in my script
that does proper decoding of signatures.

Bill

• Follow-Ups:
  • [sanesecurity] Re: False Positive?
    • From: jef moskot

• References:
  • [sanesecurity] False Positive?
    • From: Lyle Giese
  • [sanesecurity] Re: False Positive?
    • From: Steve Basford

Other related posts:

• » [sanesecurity] False Positive- Nigel Horne
• » [sanesecurity] Re: False Positive- Steve Basford
• » [sanesecurity] Re: False Positive- Rick Macdougall
• » [sanesecurity] Re: False Positive- Rick Macdougall
• » [sanesecurity] False Positive?- Lyle Giese
• » [sanesecurity] Re: False Positive?- Steve Basford
• » [sanesecurity] False Positive- Peter
• » [sanesecurity] Re: False Positive- McDonald, Dan
• » [sanesecurity] Re: False Positive? - Bill Landry
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] Re: False Positive?- jef moskot
• » [sanesecurity] Re: False Positive- McDonald, Dan
• » [sanesecurity] Re: False Positive?- MxUptime.com
• » [sanesecurity] Re: False Positive?- Steve Basford
• » [sanesecurity] Re: False Positive?- Peter
• » [sanesecurity] Re: False Positive- Peter
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] False Positive- Serdar GURSU
• » [sanesecurity] False Positive- Serdar GURSU
• » [sanesecurity] Re: False Positive- Steve Basford
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] Re: False Positive- GrayHat
• » [sanesecurity] Re: False Positive- David B Funk
• » [sanesecurity] Re: False Positive- GrayHat
• » [sanesecurity] False Positive- Serdar GURSU
• » [sanesecurity] Re: False Positive- GrayHat
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] False Positive- Bill Greganti
• » [sanesecurity] Re: False Positive- Bill Landry
• » [sanesecurity] Re: False Positive- Ken A
• » [sanesecurity] False Positive- Sujit Acharyya-choudhury
• » [sanesecurity] Re: False Positive- Steve basford
• » [sanesecurity] Re: False Positive- Sujit Acharyya-choudhury
• » [sanesecurity] Re: False Positive- Paul Stead
• » [sanesecurity] Re: False Positive- Steve basford
• » [sanesecurity] Re: False Positive- Paul Stead
• » [sanesecurity] Re: False Positive- Sujit Acharyya-choudhury
• » [sanesecurity] Re: False Positive- Sujit Acharyya-choudhury

1. Home
2. sanesecurity
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---