[sanesecurity] Re: jurlbl signature name stability
- From: "Bill Landry" <bill@xxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Fri, 19 Jun 2009 09:53:13 -0700
>
>
> On 18 Jun 2009 at 14:16, Bill Landry wrote:
>
> [snip]
>
>> I'll be doing the same thing, however, I will not be hex encoding the
>> domain name in the signature name. Rather, the INetMsg signatures will
>> look like:
>>
>> INetMsg.SpamDomain-2w.example.com:4:*:6578616d706c652e636f6d
>>
>> You will be able to clearly see the domain listed in the signature name
>> (in this case "example.com" is the domain that is also encoded in the
>> hex
>> signature), so no decoding will be necessary to determine what domain
>> the signature triggered on and a simple search of the database for the
>> domain
>> name will determine whether the domain is still included or not.
>
> Thanks Steve and Bill, that's an great improvement, but Bill's format will
> self detect in
> most cases. Could you replace the dot with an underscore to avoid further
> FPs?
Done - you will see the change with the next update. Thanks for the
suggestion.
Bill
Other related posts:
