Snort mailing list archives

Re: Virus - Possible scr Worm


From: Alberto Gonzalez <electron () wwjh net>
Date: Tue, 11 Mar 2003 09:04:47 -0500 (EST)



hi

{ sigh.. }


while retrieving my mails from my pop server I got
this alert in ACID

I looked at the data payload, it had one .scr file.

So it means it was a virus?
Does this .scr extension relate to a virus?


What rule triggered the alert? Do you have a packet dump? We can't 
determine _anything_ from your post. You have to be more specific.
Also, you _won't_ learn anything by posting every single question you have, 
as stated by Erek Adams, snort has extensive documentation. If you don't 
understand what the alerts are, there are plenty of books that cover 
intrusion detection systems. "Intrusion Detection: An Analyst's Handbook" 
3rd edition has quite a few chapters on snort. This will help you in your 
journey...

Don't you think it's time you crossed the street without someone holding 
your hand?


Regards,
Bishan


 Cheers!
 Alberto Gonzalez

-- 
"Success comes to the person who does today, what you are thinking of doing tomorrow." 



