[Snort-users] [OT] Question about negated and non-negated variables in rules
mkettler at ...4108...
Fri Nov 28 11:15:04 EST 2003
At 11:49 AM 11/27/2003, J-H. Johansen wrote:
>And does anyone have a clue why bigbrother sent me this reply when I sent
>this mail ?
>Subject: Symantec Mail Security detected that you sent a message
>containing prohibited content
>From: admin at ...10183...
That's because some admin for unitedwaydenver has some absurdly stupid spam
filtering with simple single-phrase-match and block logic.
It probably bounced because the SF.net advertisement at the bottom included
the phrase "share the love" thus the entire message was assumed to be porn
Some people never learn :)
More information about the Snort-users