[sanesecurity] Re: winnow.malware.ts.msofficeupdate.3.UNOFFICIAL

  • From: Tom Shaw <tshaw@xxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 23 Oct 2009 12:05:36 -0400

At 5:56 PM +0200 10/23/09, Per Jessen wrote:
Tom Shaw wrote:

 At 5:21 PM +0200 10/23/09, Per Jessen wrote:

I have 157 mails that hit the signature, but doesn't
contain 'update.microsoft.com'.  I'll be back later with an update.

 gzip them to me and I'll take a peak also.

Umm, something's weird - I've just handtested a couple of these suspect
FPs with clamscan, and didn't see a hit.  (We're using clamd in
production).  I might have been a little early with the FP report.

Let me know so I can reenable.


Other related posts: