Snort mailing list archives
Re: VIRUS OUTBOUND .pif file attachment
From: Brian <bmc () snort org>
Date: Thu, 4 Sep 2003 22:00:57 -0400
On Thu, Sep 04, 2003 at 11:12:35AM -0700, Stevo wrote:
Got a questions about the [snort] VIRUS OUTBOUND .pif file attachment rule. I'm seeing a billion of these in my logs and don't really understand the rule. My mail server is 63.145.201.15 and from the rule it appears that my mail server is connecting to other mail servers on port 25 and Snort is picking up that I'm sending a .pif file attachment.
If you set SMTP_SERVERS, then it will only look for oubound .pif emails. -brian ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- VIRUS OUTBOUND .pif file attachment Stevo (Sep 04)
- Re: VIRUS OUTBOUND .pif file attachment Brian (Sep 04)
- Re: VIRUS OUTBOUND .pif file attachment Erek Adams (Sep 04)
- Re: VIRUS OUTBOUND .pif file attachment Stevo (Sep 05)
- Re: VIRUS OUTBOUND .pif file attachment Erek Adams (Sep 05)
- Re: VIRUS OUTBOUND .pif file attachment Stevo (Sep 08)
- Re: VIRUS OUTBOUND .pif file attachment Stevo (Sep 05)