> > > On 18 Jun 2009 at 14:16, Bill Landry wrote: > > [snip] > >> I'll be doing the same thing, however, I will not be hex encoding the >> domain name in the signature name. Rather, the INetMsg signatures will >> look like: >> >> INetMsg.SpamDomain-2w.example.com:4:*:6578616d706c652e636f6d >> >> You will be able to clearly see the domain listed in the signature name >> (in this case "example.com" is the domain that is also encoded in the >> hex >> signature), so no decoding will be necessary to determine what domain >> the signature triggered on and a simple search of the database for the >> domain >> name will determine whether the domain is still included or not. > > Thanks Steve and Bill, that's an great improvement, but Bill's format will > self detect in > most cases. Could you replace the dot with an underscore to avoid further > FPs? Done - you will see the change with the next update. Thanks for the suggestion. Bill