[Snort-users] [Emerging-Sigs] Reliability of signatures
michael.scheidell at ...8144...
Thu Feb 10 09:43:38 EST 2011
On 2/10/11 8:30 AM, Michael Stone wrote:
> Well, even that distinction isn't so clear. Does "what it's supposed to
> be looking for" mean "the string the signature was written against" or
> "the malware the signature was written against"?
if someone is scanning my LAMP network for IIS6 holes, are those FP's?
btw, when on the icsa labs anti-spam initial steering group, all the
vendors argued about was what a SPAM and HAM was.
that was the largest, longest and noisiest and most contentious issue.
what is a spam?
a) from email admin perspective:
b) from user perspective.
from a user, it's 'something I didn't want, even if I signed up for it'
ham? something I wanted, even if I didn't sign up for it.
needed to come to an agreement, since part of the icsa labs
certification was > 95% spam capture, and less than 1 in 100,000 FP's.
so, if brother in law on aol gets a joke fwd to him, that has been
around 100 times, and sends it to user, and the (business tuned)
anti-spam engine blocks it, is that a FP?
Michael Scheidell, CTO
SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008