At 4:27 PM +0200 10/23/09, Per Jessen wrote:
I just started using the winnow_malware databases yesterday and got a truckload of FPs - at least 100 at last count. Did anyone see the same?
You sure they were FP's? There was a boatload to fake MS updates for office with attached url to Zeus malware over the last day or two.
I have deactivated the signature in an abundance of caution due to your report but I would like confirmation of FP's as all the ones we collected here are all phish/malware droppers.