The signature for “Outlook Web Access Cross Site Scripting Vulnerability” does not permit the user to see the regular expression that is used by the signature to capture events.

The signature is often triggered for packets similar to the one below when internal users connect on internet web pages.

..~...........E.....@.>..~......I8.L..w...4G.TP.......piegel.de/css/0,5459,PB64-dmVyPWxvdyZyZXY9MjAwNTA4MTYyMjQ0MDUmc3R5bGU9,00.css">.<link rel="stylesheet" type="text/css" href="http://www.spiegel.de/css/0,5459,PB64-dmVyPWZ1bGwmcmV2PTIwMDUwODE2MjI0NDA1JnN0eWxlPQ_3_3,00.css" media="screen, projection, print">.<link rel="shortcut icon" href="http://www.spiegel.de/favicon.ico" type="image/ico">.....<link rel="stylesheet" href="/main/css/style.css" type="text/css" />...<script type="text/javascript" language="JavaScript" src="/main/css/parship.js"></script>.</head>.<body id="www-spiegel-de" bgcolor="#FFFFFF" text="#000000" link="#B20A15" vlink="#B20A15" alink="#ff0000">.<!-- SZM VERSION="1.3" -->.<script type="text/javascript">.<!--.var IVW="http://spiegel.ivwbox.de/cgi-bin/ivw/CP/1008;/panorama/c-10/r-1228/tpl-Parship/be-PB64-cGFub3JhbWEvcGFyc2hpcC9hcnRpa2Vs/~~addcountinfohere~~/szwprofil-1008";.document.write('<img src="'+IVW+'?r='+escape(document.referrer)+'&d='+(Math.random()*100000)+'" width="1" height="1" border="0" align="right" alt="">');.// -->.</script>.<noscript>.<img src="http://spiegel.ivwbox.de/cgi-bin/ivw/CP/1008;/panorama/c-10/r-1228/tpl-Parship/be-PB64-cGFub3JhbWEvcGFyc2hpcC9hcnRpa2Vs/~~addcountinfohere~~/szwprofil-1008" width="1" height="1" border="0" align="right" alt="">.</noscript>.<!-- /SZM -->.<img src="http://www.spiegel.de/cgi-bin/vdz/CP/spiegel/panorama/c-10/r-1228/tpl-Parship/be-PB64-cGFub3JhbWEvcGFyc2hpcC9hcnRpa2Vs/~&#12...;

What recommended action could be taken for tuning out the noise from this signature??

Thanks in advance