Snort mailing list archives
Simple problem with virus.rules line 16 (cvs)
From: Phil Wood <cpw () lanl gov>
Date: Wed, 2 Jan 2002 22:23:00 -0700
patch is: --- /tmp/virus.rules Thu Jan 3 05:20:24 2002 +++ virus.rules Thu Jan 3 05:20:37 2002 @@ -13,7 +13,7 @@ alert tcp any 110 -> any any (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720; classtype:misc-activity; rev:3;) alert tcp any 110 -> any any (msg:"Virus - Possible pif Worm"; content: ".pif"; nocase; sid:721; classtype:misc-activity; rev:3;) -alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722; classtype:misc-activity; rev:3;) +alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722; classtype:misc-activity; rev:3;) alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "myromeo.exe"; nocase; sid:723; classtype:misc-activity; rev:3;) alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "myjuliet.chm"; nocase; sid:724; classtype:misc-activity; rev:3;) alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "ble bla"; nocase; sid:725; classtype:misc-activity; rev:3;) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Simple problem with virus.rules line 16 (cvs) Phil Wood (Jan 02)
- Re: Simple problem with virus.rules line 16 (cvs) Brian (Jan 03)
- Re: Simple problem with virus.rules line 16 (cvs) Phil Wood (Jan 03)
- Re: Simple problem with virus.rules line 16 (cvs) Brian (Jan 03)
- Re: Simple problem with virus.rules line 16 (cvs) Phil Wood (Jan 03)
- Re: Simple problem with virus.rules line 16 (cvs) Brian (Jan 03)