[sanesecurity] Re: winnow additions

  • From: TR Shaw <tshaw@xxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Tue, 14 Feb 2012 06:11:51 -0500

On Feb 14, 2012, at 4:12 AM, Grayhat wrote:

>> Just to let you know. winnow will be adding skull's bofhland
>> signatures to the winnow distribution.
> 
> Cool !! So at end Emanuele did it :) !

Yes, he did, and we are adding more feeds. Presently we have a small overlap 
(because there are TONS on cracked sites now).  We are working toward better 
categorization and a higher detection rate.
> 
>> bofhland_cracked_URL.ndb,  bofhland_malware_URL.ndb and
>> bofhland_phishing_URL.ndb will be added to winnow_malware_links.ndb
>> and winnow_phish_complete.ndb and winnow_phish_complete_url.ndb.
> 
> A question; are the complete sigs fully added to the winnow DBs or are
> you performing some kind of "filtering" on them ? Just curious; as a
> note I've been testing those sigs (and I think Steve did the same) for
> a while by directly fetching them from the bofhland page :D
> 


I just decided that Emanuele and I had such good results using his and mine 
that I would do something to get it out there.  Looks like we found traction 
;-)  I have been talking to Steve and I hope he will be adding directly 
instead. As Steve said, it's cleaner.

Tom

