McDonald, Dan wrote:
I'm using amavisd-new and p0f with BOTNET.pl, and some Windows XP
machines are not being caught.
Here are my rules:
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?![^(]*\b2000 SP)/
score L_P0F_WXP 2.3
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?!
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?![^(]*\b2000
SP)/ score L_P0F_WXP 2.3
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 1.0
[...]
Matt Kettler wrote:
Well, that much should be obvious.
Both rules are explicitly designed to
Mark Martinec wrote:
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?![^(]*\b2000
SP)/ score L_P0F_WXP 2.3
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 1.0
[...]
Matt Kettler wrote:
Well, that much should be obvious.
Both rules
I'm using amavisd-new and p0f with BOTNET.pl, and some Windows XP
machines are not being caught.
Here are my rules:
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?![^(]*\b2000 SP)/
score L_P0F_WXP 2.3
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W