Thread: SaneSecurity :: winnow Exploit Detection Signatures

    Steve from Sanesecurity would like to announce the launch of Winnow ClamAV Exploit Detection Signatures.

    Winnow signatures offer the following feature sets:
    • Malware received but not currently detected by official ClamAV signatures, including: Phishing, including financial, gaming, email, networking, social, trading, retail, government, file sharing
    • Fraud, including: fake banks, escrows, shippers, 419s, jobs, mules, money laundering
    • Hacked and exploited hosts
    • Rogue domains harboring malware/spam/etc.
    The three databases distributed at the moment are:
    • winnow_malware.hdb - Current virus, trojan and other malware not yet detected by ClamAV.
    • winnow_phish_complete.ndb - Signatures to detect phishing and other malicious URLs and compromised hosts - derived in a similar fashion as SURBL but with special processing to remove the possibility of false positives. (Recommended)
    • winnow_phish_complete_url.ndb - Similar to winnow_phish_complete.ndb except that entire URLs are used to derive the signatures rather than carefully selected hosts. (Conservative)
    For more details: winnow ClamAV Threat Detection Signatures

    Download scripts will be available shortly for these signatures on the new mirrors.
    Last edited by mmorse; 03-31-2009 at 11:21 AM. Reason: links and formatting
