Snort mailing list archives
Fwd: maldet alert from TCP-IDS
From: Scott Spangler <scott.spangler () devopsglobalsolutions com>
Date: Mon, 20 Mar 2017 12:44:39 -0400
Dear Snort Signature Community:

Please see the contents below, as I wanted to bring to your attention that a recent Pulledpork download of Snort community-rules contained a malware virus. The malware virus was immediately quarantined using Linux Maldect on the Snort IDS host.

Regards,
Scott Spangler

---------- Forwarded message ----------
From: root <root@tcp-ids.localdomain>
Date: Fri, Mar 17, 2017 at 11:28 PM
Subject: maldet alert from TCP-IDS
To: scott.spangler () devopsglobalsolutions com

HOST: TCP-IDS
SCAN ID: 170318-0328.10906
STARTED: Mar 18 2017 03:28:48 +0000
COMPLETED: Mar 18 2017 03:28:59 +0000
ELAPSED: 11s [find: 0s]
PATH:
RANGE: 1 days
TOTAL FILES: 4
TOTAL HITS: 1
TOTAL CLEANED: 0

FILE HIT LIST:
{YARA}eval_post : /tmp/community-rules.tar.gz => /usr/local/maldetect/quarantine/community-rules.tar.gz.2689929416
===============================================
Linux Malware Detect v1.6 < proj () rfxn com >
Current thread:
- Fwd: maldet alert from TCP-IDS Scott Spangler (Mar 20)
- Re: maldet alert from TCP-IDS Joel Esler (jesler) (Mar 20)
- Re: maldet alert from TCP-IDS James Lay (Mar 20)
- Re: Fwd: maldet alert from TCP-IDS Geoffrey Serrao (Mar 20)
- Re: Fwd: maldet alert from TCP-IDS Geoffrey Serrao (Mar 20)
- Re: maldet alert from TCP-IDS Joel Esler (jesler) (Mar 20)