Snort mailing list archives
Re: Klez Incoming
From: Shane Williams <shanew () shanew net>
Date: Wed, 13 Nov 2002 15:20:14 -0600 (CST)
We average about 30-40 per day with around 1000 accounts. Just to make sure, which rule are you using? If you've got a copy of a email that snort caught and your AV didn't, I'd be interested in seeing a copy. On Wed, 13 Nov 2002, Jacob Redding wrote:
Everyday I am receiving about 2-3 "VIRUS Klez Incoming" alerts from snort, but our virus protection program is not picking it up. I believe this is a false positive as our virus defs are up to date. Before I rule this as a false positive or start digging through peoples mailboxes (privacy policy, blah blah), has any else had this experience??
-- Public key #7BBC68D9 at | Shane Williams http://pgp.mit.edu/ | Systems Administrator UT-GSLIS =----------------------------------+------------------------------- All syllogisms contain three lines | shanew () gslis utexas edu Therefore this is not a syllogism | www.gslis.utexas.edu/~shanew ------------------------------------------------------- This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Klez Incoming Jacob Redding (Nov 13)
- RE: Klez Incoming Gene Gomez (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 13)
- Re: Klez Incoming Jacob Redding (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 14)
- Re: Klez Incoming Jacob Redding (Nov 13)
- <Possible follow-ups>
- RE: Klez Incoming Jim O'Donald (Nov 13)
- RE: Klez Incoming Sean T. Ballard (Nov 14)
- RE: Klez Incoming Kreimendahl, Chad J (Nov 14)