[Snort-users] [OT] Question about negated and non-negated variables in rules

Matt Kettler mkettler at ...4108...
Fri Nov 28 11:15:04 EST 2003


At 11:49 AM 11/27/2003, J-H. Johansen wrote:
>And does anyone have a clue why bigbrother sent me this reply when I sent 
>this mail ?
>
>
>Subject: Symantec Mail Security detected that you sent a message 
>containing prohibited content
>From: admin at ...10183...

That's because some admin for unitedwaydenver has some absurdly stupid spam 
filtering with simple single-phrase-match and block logic.

It probably bounced because the SF.net advertisement at the bottom included 
the phrase "share the love" thus the entire message was assumed to be porn 
spam.

Some people never learn :)







More information about the Snort-users mailing list