[Emerging-Sigs] Jorik FakeAV sig

Packet Hack pckthck at gmail.com
Mon Oct 31 14:09:38 EST 2011


On Mon, Oct 31, 2011 at 2:22 PM, Matthew Jonkman
<jonkman at emergingthreatspro.com> wrote:
> On Oct 31, 2011, at 1:09 PM, Packet Hack wrote:

> I don't know that there's a simple answer there. And it'll vary depending on the engine.
[...]
> That help any?

Hmm, well, still confused on when to use fp:only. I was under the impression
that it only used the fp check and didn't do the content checks, therefore it
may be faster on simple patterns.

-- pckthck

