[sanesecurity] Re: False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phis h_complete_url.ndb

• From: Tom Shaw <tshaw@xxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx, "'winnow@xxxxxxxx'" <winnow@xxxxxxxx>
• Date: Tue, 30 Jun 2009 08:21:45 -0400

Thank you Pushing an updated DB out now.

I wish the owners of hotmail, etc. would not continue to put new domains as footers.

Tom

At 2:14 PM +0200 6/30/09, CLEMENT Francis wrote:

Hello

The sig winnow.phish.cm.microsoft.hc.275895 causes many FP that mark
legitimate Hotmail/Live mails as potential spam ...

It decodes as :

http://www[DOT]messengersurvotremobile[DOT]com/

(replace [DOT] with . :) )

This is a legitimate Microsoft domain (as per registrar tucows), web site
and Url, and this url is placed in some Microsoft Live/Hotmail messages
footers as simple advertising link (generaly as a footer link).

Regards

Francis

• Follow-Ups:
  • [sanesecurity] Re: False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phish_complete_url.ndb
    • From: Gerard

• References:
  • [sanesecurity] False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phis h_complete_url.ndb
    • From: CLEMENT Francis

Other related posts:

• » [sanesecurity] False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phis h_complete_url.ndb- CLEMENT Francis
• » [sanesecurity] Re: False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phis h_complete_url.ndb - Tom Shaw
• » [sanesecurity] Re: False Positive winnow.phish.cm.microsoft.hc.275895 in winnow_phis h_complete_url.ndb- Steve Basford

1. Home
2. sanesecurity
3. Archive
4. 06-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---