Snort mailing list archives
Sourcefire VRT Certified Snort Rules Update 2011-11-02
From: Research <research () sourcefire com>
Date: Wed, 2 Nov 2011 14:52:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sourcefire VRT Certified Snort Rules Update Synopsis: This release adds and modifies rules in several categories. Details: The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, chat, deleted, dos, exploit, file-identify, ftp, misc, multimedia, policy, specific-threats, spyware-put, web-activex and web-misc rule sets to provide coverage for emerging threats from these technologies. This release introduces the file-identify.rules category. The purpose of this category is to standardize the structure of rules that set a flowbit used to identify file downloading activities. A new port variable, FILE_DATA_PORTS, accompanies this category and contains a ports list used by these rules to identify the download of file types. For a complete list of new and modified rules please see: http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-11-02.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFOsZGDaBoqZBVJfwMRAqX4AJ4jchfS5BpF8ZjUB4wUPcioOGSZCwCeMycW xi+YlYRXmUQ3E1dO82lUll8= =V3vo -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Sourcefire VRT Certified Snort Rules Update 2011-11-02 Research (Nov 02)