On Tuesday, May 17, 2005, 3:27:13 PM, Matt wrote: M> Pete,
M> Your memory fails you :) I reported one just yesterday, M> however it was understandable. The rule is below (slightly M> obfuscated for public consumption). MB>> Final MB>> RULE 349776-055: User Submission, 13 days, 3.1979660500 MB>> NAME: Account and Password Information are MB>> attached!%+account_info(dot)zip MB>> CODE: Account and Password Information are MB>> attached!%+account\_info\(dot)zip MB>> No prior False Positive Reports. I stand corrected :-) (I think I subconsciously omitted it because in the end we decided to keep the rule and white-rule the list that contained the traffic.) You are correct that presently all malware group rules are coded manually. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html