On Feb 14, 2012, at 4:12 AM, Grayhat wrote: >> Just to let you know. winnow will be adding skull's bofhland >> signatures to the winnow distribution. > > Cool !! So at end Emanuele did it :) ! Yes, he did and we are adding more feeds. Presently we have a small overlap (because there are TONS on cracked sites now. We are working to better categorized and higher detection rate. > >> bofhland_cracked_URL.ndb, bofhland_malware_URL.ndb and >> bofhland_phishing_URL.ndb will be added to winnow_malware_links.ndb >> and winnow_phish_complete.ndb and winnow_phish_complete_url.ndb. > > A question; are the complete sigs fully added to the winnow DBs or are > you performing some kind of "filtering" on them ? Just curious; as a > note I've been testing those sigs (and I think Steve did the same) for > a while by directly fetching them from the bofhland page :D > I just decided that Emanuele and I had such good results using his and mine that I would do something for get it out there. Looks like we found traction ;-) I have been talking to Steve and I hope he will be adding directly instead. As Steve said its cleaner. Tom