Re: Klez Incoming

[Shane Williams <shanew () shanew net>]

We average about 30-40 per day with around 1000 accounts.

Just to make sure, which rule are you using?  If you've got a copy of
a email that snort caught and your AV didn't, I'd be interested in
seeing a copy.

On Wed, 13 Nov 2002, Jacob Redding wrote:

>   Everyday I am receiving about 2-3 "VIRUS Klez Incoming" alerts from
> snort, but our virus protection program is not picking it up. I believe
> this is a false positive as our virus defs are up to date. Before I rule
> this as a false positive or start digging through peoples mailboxes
> (privacy policy, blah blah), has any else had this experience??

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                | Systems Administrator UT-GSLIS
=----------------------------------+-------------------------------
All syllogisms contain three lines |        shanew () gslis utexas edu
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew



-------------------------------------------------------
This sf.net email is sponsored by: Are you worried about 
your web server security? Click here for a FREE Thawte 
Apache SSL Guide and answer your Apache SSL security 
needs: http://www.gothawte.com/rd523.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users