[sanesecurity] Re: winnow additions
- From: "Grayhat" <grayhat@xxxxxxx>
- To: <sanesecurity@xxxxxxxxxxxxx>
- Date: Tue, 14 Feb 2012 21:48:34 +0100
Cool !! So at end Emanuele did it :) !
Yes, he did and we are adding more feeds. Presently we have a small
overlap (because there are TONS on cracked sites now. We are working to
better categorized and higher detection rate.
This is *good* news :) ! As for the cracked sites... did you consider
setting
up something like the "project honeypot" (www.projecthoneypot.org) kind of
access ? I mean, some kind of "API" to allow spamfilters to use the list
even
w/o the need to run an "AV scan" ... see, I'm in contact with the folks
which
are in charge of ASSP development and some "open API" would be cool :D
A question; are the complete sigs fully added to the winnow DBs or are
you performing some kind of "filtering" on them ? Just curious; as a
note I've been testing those sigs (and I think Steve did the same) for
a while by directly fetching them from the bofhland page :D
I just decided that Emanuele and I had such good results using his and
mine that I would do something for get it out there. Looks like we found
traction ;-) I have been talking to Steve and I hope he will be adding
directly instead. As Steve said its cleaner.
Aye, saw Steve's post and, at a point, I was wondering if there was some
overlap (that is, winnow + bofhland) but now I see this isn't the case; all
in
all, I think this is a good idea since it will allow more "fine tuning" :)
what
else... yeah, if someone here needs a "win" download script, just holler,
nothing fancy, mind me, but since I *had* to write it, I decided to put it
together to be flexible enough :)
Other related posts:
