[sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208

• From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Tue, 7 Jun 2011 12:28:37 +0100

> Steve, why are you wanting virtualtarget_com_br removed?  I didn't see
> it mentioned anywhere is Henrique's email.

Hi Bill,

Sorry, should have been a bit clearer...

Tom's sig:

winnow.malware.ts.miscspam.672208:3:*:(2e|2f|40|20|3c)766972747
5616c7461726765742e636f6d2e6272(27|22|20|2f|3d|3e|0a|0d)

decodes to:

virtualtarget_com_br
(replace _ with .)

So, thought I'd whitelist from your sigs too, until you could take a look.

Cheers,

Steve
Sanesecurity

• Follow-Ups:
  • [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208
    • From: Bill Landry

• References:
  • [sanesecurity] False positives with winnow.malware.ts.miscspam.672208
    • From: Henrique de Moraes Holschuh
  • [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208
    • From: Steve Basford
  • [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208
    • From: Bill Landry

Other related posts:

• » [sanesecurity] False positives with winnow.malware.ts.miscspam.672208- Henrique de Moraes Holschuh
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Steve Basford
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- TR Shaw
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Bill Landry
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208 - Steve Basford
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Bill Landry

1. Home
2. sanesecurity
3. Archive
4. 06-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---