Snort mailing list archives
Re: Simple problem with virus.rules line 16 (cvs)
From: Brian <bmc () snort org>
Date: Thu, 3 Jan 2002 18:47:13 -0500
According to Phil Wood:
On Thu, Jan 03, 2002 at 11:17:02AM -0500, Brian wrote:
According to Phil Wood:
patch is:
-alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722; classtype:misc-activity; rev:3;)
+alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722; classtype:misc-activity; rev:3;)
ident virus.rules please.
Sorry, I've been trusting the cvs for snort-1.8.3. I see now that the version is old:
# $Id: virus.rules,v 1.11 2001/12/04 06:55:11 fygrave Exp $
Version 1.9-dev has:
# $Id: virus.rules,v 1.12 2001/12/12 17:52:14 cazz Exp $
I'll look there from now on.
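Review bot: the + line keeps rev:3 even though the rule text changed (the stray second quote after "NAVIDAD.EXE" in the content option is dropped), so bump the revision to make the corrected sid:722 distinguishable from the broken one. The patch also carries no file header or $Id$ line for the virus.rules it was cut against; state the tree and revision it applies to so it can be checked against the right copy.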
doh. Didn't realize people were tracking that. I'll start syncing rule changes to the other tree as well. Give me a couple of days to get it up and running.
--
The product of the IQs of each member of a tech-support conversation is a constant. -- Michael Driscoll