[Snort-users] [Emerging-Sigs] Reliability of signatures

Michael Scheidell michael.scheidell at ...8144...
Thu Feb 10 09:43:38 EST 2011


On 2/10/11 8:30 AM, Michael Stone wrote:
> Well, even that distincion isn't so clear. Does "what it's supposed to
> be looking for" mean "the string the signature was written against" or
> "the malware the signature was written against"?
>
if someone is scanning my LAMP network for IIS6 holes, are those FP's?
btw, when on the icsa labs anti-spam initial steering group, all the 
vendors argues about was a SPAM and HAM was.
that was the largest, longest and noisiest and most contentious issue.

what is a spam?
a) from email admin perspective:
b) from user perspective.

from a user, its 'something I didn't want, even if I signed up for it'

ham? something I wanted, even if I didn't sign up for it.

needed to come to an agreement, since part of the icsa labs 
certification was > 95% spam capture, and less then 1 in 100,000 FP's.

so, if brother in law on aol gets a joke fwd to him, that has been 
around 100 times, and sends it to user, and the (business tuned) 
anti-spam engine blocks it, is that a FP?




-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
 >*| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110210/bc6cdf73/attachment.html>


More information about the Snort-users mailing list