[Emerging-Sigs] FPs on sid 2028883
jcallcott at emergingthreats.net
Thu Oct 24 06:41:14 HDT 2019
Thanks for the report.
I'll take a look at the signature set today and have some fixes available
later today in the usual daily release.
In the meantime, have you observed false positives that aren't PNG
related? If so, I'd love to see those pcaps so I can reduce FP rates even
On Thu, Oct 24, 2019 at 2:08 PM jt <jtfas90 at gmail.com> wrote:
> Hi Erich,
> Yes we are seeing a number of FPs on this one as well. I was going to
> send some pcaps over with additional information today of what we are
> seeing to support.
> On Thu, 2019-10-24 at 12:15 +0000, Erich.Lerch--- via Emerging-sigs
> > Hi
> > We're getting several alerts per day from SID 2028883.
> > All seem to be legit PNG downloads (HTTP).
> > I can consistently reproduce the FP, e.g. with:
> > hxxp://www.bernau[.]ch/images/content/banner/facebooklogo.png
> > hxxp://
> > Do others see this behavior too?
> > Cheers,
> > Erich
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs at lists.emergingthreats.net
> > https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> > Support Emerging Threats! Subscribe to Emerging Threats Pro
> > http://www.emergingthreats.net
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
Security Researcher | ProofPoint Inc | Emerging Threats Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs