Snort mailing list archives
RE: Klez Incoming
From: "Gene Gomez" <gegomez () tycoint com>
Date: Wed, 13 Nov 2002 12:53:12 -0800
Why don't you look at the packet captures and find out what's triggering the rule? That'd be a MUCH better way to figure out whether this is a false positive or not than just turning off the rule (you're screwed if it's NOT a false positive), or digging through boxes (a GIGANTIC waste of time if it IS a false positive).

Gene

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jacob Redding
Sent: Wednesday, November 13, 2002 12:18 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Klez Incoming

Every day I am receiving about 2-3 "VIRUS Klez Incoming" alerts from snort, but our virus protection program is not picking it up. I believe this is a false positive as our virus defs are up to date. Before I rule this as a false positive or start digging through people's mailboxes (privacy policy, blah blah), has anyone else had this experience??

-Jacob

-------------------------------------------------------
This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Klez Incoming Jacob Redding (Nov 13)
- RE: Klez Incoming Gene Gomez (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 13)
- Re: Klez Incoming Jacob Redding (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 14)
- Re: Klez Incoming Jacob Redding (Nov 13)
- <Possible follow-ups>
- RE: Klez Incoming Jim O'Donald (Nov 13)
- RE: Klez Incoming Sean T. Ballard (Nov 14)
- RE: Klez Incoming Kreimendahl, Chad J (Nov 14)