[sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Tom Shaw <tshaw@xxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Fri, 23 Oct 2009 12:05:36 -0400
At 5:56 PM +0200 10/23/09, Per Jessen wrote:
Tom Shaw wrote:At 5:21 PM +0200 10/23/09, Per Jessen wrote:I have 157 mails that hit the signature, but doesn't contain 'update.microsoft.com'. I'll be back later with an update.gzip them to me and I'll take a peak also.Umm, something's weird - I've just handtested a couple of these suspect FPs with clamscan, and didn't see a hit. (We're using clamd in production). I might have been a little early with the FP report.
Let me know so I can reenable. Tom
- Follow-Ups:
- References:
- [sanesecurity] winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Per Jessen
- [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Tom Shaw
- [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Per Jessen
- [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Tom Shaw
- [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
- From: Per Jessen
- [sanesecurity] winnow.malware.ts.msofficeupdate.3.UNOFFICIAL
Other related posts:
- » [sanesecurity] winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Per Jessen
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Tom Shaw
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Per Jessen
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Tom Shaw
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Per Jessen
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Tom Shaw
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Per Jessen
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Peter
- » [sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL - Tom Shaw