Re: W32.Badtrans.B@mm

[Tom Fischer <tfischer () abh de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 27. November 2001 16:30 schrieben Sie:
> Brad:
>
> This seems to be doing it for me:
>
> alert tcp any 110 -> any any (msg:"Virus - Possible scr Worm";
>   content: ".scr"; nocase; sid:729;  classtype:misc-activity; rev:3;)

yes, but mails with .scr in content (like this) are making nice false 
positives ;)

Tom
- -- 
Tom Fischer                     ABH Marketingservice GmbH
System Administrator            Weisshaustraße 23a
Tel: 0221-94400446              50939 Köln      
http://www.abh.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwDvigACgkQwafQrcfco8HgwQCfRih4uUrCiqVEwZ/L6lle0F4O
QooAmwYV7z0L8oW/yZaVhUp3MltEjRh9
=CRE2
-----END PGP SIGNATURE-----


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users