[Esd-l] False Positives on "Windows Executable" signature tests

John D. Hardin jhardin at impsec.org
Wed Feb 25 06:35:59 PST 2004


On Tue, 24 Feb 2004, John D. Hardin wrote:

> Marcela Doniov sez:
> >
> > procmail sanitizer 1.139 moves e-mail with *.doc to quarantine. Why?
> 
> {snip}
> 
> > procmail: Score: 2147483647 2147483647 "LnJkYXRhAA"
> > procmail: Executing " formail -A "X-Content-Security: [$HOST] NOTIFY" \
> >   -A "X-Content-Security: [$HOST] QUARANTINE" \
> >   -A "X-Content-Security: [$HOST] REPORT: Trapped Windows executable attachment""

I have reduced the chances of this and related tests generating false
positives.

If you are getting a lot of false-positive "Windows Executable" hits,
you may want to grab the current dev snapshot and see if it fixes your
problem. If you do this, please give me some feedback.

I apologize for the inconvenience this has caused anyone.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   38 days until the Slovakian Presidential Election
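
An added triage example, not part of the original post and not the sanitizer's own code: the token in the quoted log, `LnJkYXRhAA`, is base64 for the bytes `.rdata` followed by a NUL, so an attachment carrying those bytes at the right alignment trips a base64 substring test whether or not it is an executable. It assumes the test matched that token in the encoded attachment body; `triage`, `looks_like_pe` and both samples are constructed for illustration.

```python
import base64
import struct

TOKEN = "LnJkYXRhAA"  # token from the quoted procmail log
TOKEN_BYTES = base64.b64decode(TOKEN + "==")  # the raw bytes it stands for
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file header used by .doc

def looks_like_pe(data: bytes) -> bool:
    """True only if the DOS header points at a valid PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(b64_body: str) -> dict:
    """Report whether the token hit and what the decoded payload really is."""
    compact = "".join(b64_body.split())  # undo MIME line wrapping
    data = base64.b64decode(compact)
    if looks_like_pe(data):
        kind = "pe"
    elif data.startswith(OLE2_MAGIC):
        kind = "ole2"
    else:
        kind = "other"
    return {"token_hit": TOKEN in compact, "kind": kind}

def encode(data: bytes) -> str:
    """Base64 with 76-column wrapping, as in a MIME attachment body."""
    return base64.encodebytes(data).decode("ascii")

# Constructed sample 1: OLE2 header with ".rdata\0\0" at byte offset 12.
# Offset 12 is a multiple of 3, so the bytes encode exactly to TOKEN.
SAMPLE_DOC = encode(OLE2_MAGIC + b"\x00" * 4 + b".rdata\x00\x00" + b"text" * 8)

# Constructed sample 2: minimal DOS header whose e_lfanew points at "PE\0\0",
# followed by one pad byte so ".rdata\0\0" lands at offset 69 (also 0 mod 3).
_pe = bytearray(0x40)
_pe[0:2] = b"MZ"
struct.pack_into("<I", _pe, 0x3C, 0x40)
SAMPLE_EXE = encode(bytes(_pe) + b"PE\x00\x00" + b"\x00" + b".rdata\x00\x00" + b"\x00" * 8)

if __name__ == "__main__":
    print(TOKEN_BYTES)
    print("doc:", triage(SAMPLE_DOC))
    print("exe:", triage(SAMPLE_EXE))
```

An `ole2` result with a token hit can still contain an embedded object, so it merits a look before release from quarantine.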

