Snort mailing list archives
Bleeding-Edge Virus 2001268 false positive (SWEN.A)
From: Rich Adamson <radamson () routers com>
Date: Tue, 5 Jul 2005 15:56:46 -0600
FYI, the Bleeding-Edge Virus rule 2001268 is fired when an email is sent that has a remote SupportDesk package attached from: http://www.networkstreaming.com/products.htm

snort: [1:2001268:4] BLEEDING-EDGE VIRUS SWEN.A Worm detected [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} 10.10.10.161:1099 -> 222.1.111.1:25

The exact signature in this rule does occur in this commercial software package. I don't have a copy of the virus to recommend changes to this rule.

Rich
Current thread:
- Bleeding-Edge Virus 2001268 false positive (SWEN.A) Rich Adamson (Jul 05)
- Re: Bleeding-Edge Virus 2001268 false positive (SWEN.A) Xavier Cabrera (Jul 05)