Snort mailing list archives
Re: Snort-users digest, Vol 1 #4419 - 10 msgs
From: "Scott Sattler" <Scott () SecureLabs Net>
Date: Tue, 27 Jul 2004 21:33:47 -0400
Scott Sattler 860-418-6625 Scott () Securelabs net Secure labs ----- Original Message ----- From: <snort-users-request () lists sourceforge net> To: <snort-users () lists sourceforge net> Sent: Tuesday, July 27, 2004 8:26 PM Subject: Snort-users digest, Vol 1 #4419 - 10 msgs
Send Snort-users mailing list submissions to snort-users () lists sourceforge net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists sourceforge net You can reach the person managing the list at snort-users-admin () lists sourceforge net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." Today's Topics: 1. Snort breakfast at Defcon (Brian) 2. W32.MyDoom.M@mm (Murray, Todd) 3. Help With SnortCenter (McKeeman, Samuel) 4. ACID with PHP 5.0.0 error! (dv8) 5. Problems with ACID and PHP 5.0.0 (dv8) 6. RE: Action Required to Deliver: RE: [Snort-users] Virus Rules (Dave
Randolph)
7. RE: ACID with PHP 5.0.0 error! (Joshua Berry) 8. Re: ACID with PHP 5.0.0 error! (Max Valdez) 9. Re: Snort breakfast at Defcon (Brian) 10. RE: Action Required to Deliver: RE: [Snort-users] Virus Rules
(mike () novanix com)
--__--__--
Message: 1
Date: Tue, 27 Jul 2004 14:31:53 -0400
From: Brian <bmc () snort org>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort breakfast at Defcon
Want to come hang out with some of the Snort team? Eat some free
food? Get some nifty Snort schwag? A number of the Sourcefire guys
on the Snort team will be at Defcon this year. We talked to our
marketing folks and they agreed to sponsor a "Snort Breakfast" on
Sunday morning.
We've scheduled it for 10:00 AM, so you get a little bit of time to
get over your hangover. Space is limited, so I need confirmation that
you'll be there before you show up.
Since Sourcefire is paying for this shindig, I've been asked to
collect the following information:
Name
Phone
Email
Company
The first 30 people to register will get the location & an invite to
bring with them to get into breakfast.
Hope to see you there,
Brian
--__--__--
Message: 2
From: "Murray, Todd" <Todd.Murray () adidasus com>
To: "'snort-users () lists sourceforge net'"
<snort-users () lists sourceforge net>
Date: Tue, 27 Jul 2004 11:40:48 -0700
Subject: [Snort-users] W32.MyDoom.M@mm
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C47408.D8F1E373
Content-Type: text/plain
Does anyone have a tested snort rule for the latest variant of MyDoom? I
googled it and only found older rules watching for the attack against
sco.com. I'm still learning about rules and how to write them so any help
would be appreciated. If anyone has specific tools or sites they find
useful in providing the info needed to write rules for virus's that'd be a
great help too.
Todd Murray
------_=_NextPart_001_01C47408.D8F1E373
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C473CE.D49DB8E0">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:PunctuationKerning/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Does anyone have a tested snort rule for the latest =
variant
of <span class=3DSpellE>MyDoom</span>?<span =
style=3D'mso-spacerun:yes'> </span><span
class=3DGramE>I <span class=3DSpellE>googled</span> it and only found =
older rules
watching for the attack against sco.com.</span><span =
style=3D'mso-spacerun:yes'>
</span>I'm still learning about rules and how to write them so any help
would be appreciated.<span style=3D'mso-spacerun:yes'> </span>If =
anyone has
specific tools or sites they find useful in providing the info needed =
to write
rules for virus's that'd be a great help =
too.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Todd Murray<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
------_=_NextPart_001_01C47408.D8F1E373--
--__--__--
Message: 3
Date: Tue, 27 Jul 2004 15:11:07 -0400
From: "McKeeman, Samuel" <smckeeman () ingdirect com>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Help With SnortCenter
This is a multi-part message in MIME format.
------_=_NextPart_001_01C4740D.78502EF4
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi All,
I am using snortcenter to manage my sensors and I have run
into a problem that I hope somebody can help me with. I want to create
the config file to push off to the sensors, but when I click on update
from the internet I do not get anything. Also the file that can be
pushed to the sensors is empty. How do I get the file created to hold
all of the vars, preprocessors and outputplugins that I am already
currently using on my other sensors. I also noticed that you can only
select one output plugin. Is there anyway to have more than one
output-plugin. If anyone could help me out with setting this stuff up I
would greatly appreciate it.
=20
Thanks alot
=20
=20
--Sam McKeeman--
=20
This email may contain confidential or privileged information. If you
belie=
ve you have received the message in error, please notify the sender and
del=
ete the message without copying or disclosing it. ------_=_NextPart_001_01C4740D.78502EF4 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office"
xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word"
xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C473EB.F15058E0">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple style=3D'tab-interval:.5in'>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D'font-size:1=
0.0pt; font-family:Arial'>Hi All,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D'font-size:1=
0.0pt; font-family:Arial'><span
style=3D'mso-tab-count:1'> =
</span>I am using snortcenter to manage my sensors and I have run into a problem
tha=
t I hope somebody can help me with.<span style=3D'mso-spacerun:yes'> </span>I
=
want to create the config file to push off to the sensors, but when I click on update from the internet I do not get anything.<span style=3D'mso-spacerun:yes'> </span>Also the file that can be pushed
t=
o the sensors is empty.<span style=3D'mso-spacerun:yes'> </span>How do I
ge=
t the file created to hold all of the vars, preprocessors and outputplugins that
=
I am already currently using on my other <span
class=3DGramE>sensors.</span><span
style=3D'mso-spacerun:yes'> </span>I also noticed that you can only
s=
elect one output plugin.<span style=3D'mso-spacerun:yes'> </span><span class=3DGramE>Is there anyway to have more than one
output-plugin.</span><s=
pan style=3D'mso-spacerun:yes'> </span>If anyone could help me out with
s=
etting this stuff up I would greatly appreciate it.<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D'font-size:1=
0.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D'font-size:1=
0.0pt; font-family:Arial'>Thanks alot<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D'font-size:1=
0.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span
style=3D=
'font-size: 12.0pt;mso-no-proof:yes'> <o:p></o:p></span></font></p> <p class=3DMsoNormal><strong><b><font size=3D2 face=3D"Times New
Roman"><sp=
an style=3D'font-size:10.0pt;mso-no-proof:yes'>--Sam
McKeeman--</span></font><=
/b></strong><span style=3D'mso-no-proof:yes'><o:p></o:p></span></p> <p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span
style=3D=
'font-size: 12.0pt'><o:p> </o:p></span></font></p> </div> <CODE><FONT SIZE=3D3><BR> <BR> This email may contain confidential or privileged information. If you
belie=
ve you have received the message in error, please notify the sender and
del=
ete the message without copying or disclosing it.<BR> </FONT></CODE> </body> </html> =00 ------_=_NextPart_001_01C4740D.78502EF4-- --__--__-- Message: 4 Date: Tue, 27 Jul 2004 15:31:09 -0400 From: dv8 <deviating () gmail com> To: snort-users () lists sourceforge net Subject: [Snort-users] ACID with PHP 5.0.0 error! Hello All, I am trying to install ACID with PHP 5.0.0. After trying to open the acid.php file I get the following error: PHP ERROR: Incompatible version: Version 5.0.0 of PHP is too old. Please upgrade to version 4.04 or later. Strange. I found something in the acid_db_common.php on line 67 that checks the version but I dont know exactly what to edit and change. Anyone have any experience with this? I tried using google but could not find anything relevant. Thanks!!! --__--__-- Message: 5 Date: Tue, 27 Jul 2004 16:14:33 -0400 From: dv8 <deviating () gmail com> To: snort-users () lists sourceforge net Subject: [Snort-users] Problems with ACID and PHP 5.0.0 Hello All, I am trying to install ACID with PHP 5.0.0. After trying to open the acid.php file I get the following error: PHP ERROR: Incompatible version: Version 5.0.0 of PHP is too old. Please upgrade to version 4.04 or later. Strange. I found something in the acid_db_common.php on line 67 that checks the version but I dont know exactly what to edit and change. Anyone have any experience with this? I tried using google but could not find anything relevant. Thanks!!! --__--__-- Message: 6 Subject: RE: Action Required to Deliver: RE: [Snort-users] Virus Rules Date: Tue, 27 Jul 2004 15:22:00 -0500 From: "Dave Randolph" <drandolph () nstarbank com> To: "snort users" <snort-users () lists sourceforge net> Ooooohhh!!!! A Flogging!!!!! How exciting!!!!=20-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of General Information Sent: Tuesday, July 27, 2004 12:17 PM To: 'snort users' Subject: RE: Action Required to Deliver: RE: [Snort-users] Virus Rules I concur!!! How obnoxious to post to a public list then insist we all deal with your spam filter to respond... You deal with it. =20 My whip is ready... Thank you.-----Original Message----- From: Harper, Patrick [mailto:patrick.harper () phns com]=20 Sent: Tuesday, July 27, 2004 4:38 AM To: snort users Subject: FW: Action Required to Deliver: RE: [Snort-users]=20Virus Rules=20 =20 I refuse! This should be 10 penalty drinks at least, and a flogging. =20 =20 -----Original Message----- From: Novanix [mailto:mailer-daemon () SpamDominator com]=20 Sent: Monday, July 26, 2004 11:29 PM To: Harper, Patrick Subject: Action Required to Deliver: RE: [Snort-users] Virus Rules =20 The email you sent with the subject: RE: [Snort-users] Virus=20 Rules has not been delivered yet! The person you emailed is=20 using a spam blocking tool. This is the first time we have on=20 record of you contacting Novanix from the address:=20 patrick.harper () phns com In order to deliver the email you=20 sent them and add you to a list so your future emails go=20 through You must take one of the following actions (within 8=20 days): Just click the link below (or copy it into your=20 browser url box):=20 http://www.SpamDominator.com/auth.cgi?user=3D1&code=3D7929250296010697274644 3867465826 Thank you, SpamDominator.com Support Staff (Do not respond to this message as your response will go no where) Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately.=20 ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id=10040&op=3Dick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dort-users ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id=10040&op=3Dick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dort-users#########################################################################= ############ This email has been scanned by MailMarshal, an email content filter.=20 Please contact Administrator () nstarbank com if you have any questions or=20 comments. Thank you. #########################################################################= ############ --__--__-- Message: 7 Subject: RE: [Snort-users] ACID with PHP 5.0.0 error! Date: Tue, 27 Jul 2004 15:26:59 -0500 From: "Joshua Berry" <jberry () PENSON COM> To: "dv8" <deviating () gmail com> Cc: <snort-users () lists sourceforge net> I think you could change this: if (!(($version[0] >=3D 4) && ((($version[1] =3D=3D 0) && ($version[2] ==3D 4))|| ($version[1] > 0)))) { to: if (!(($version[0] >=3D 4) && ((($version[1] =3D=3D 0) && ($version[2] ==3D 4))|| ($version[1] > 0))) || $version[0]=3D 5){ -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of dv8 Sent: Tuesday, July 27, 2004 2:31 PM To: snort-users () lists sourceforge net Subject: [Snort-users] ACID with PHP 5.0.0 error! Hello All, I am trying to install ACID with PHP 5.0.0. After trying to open the acid.php file I get the following error: PHP ERROR: Incompatible version: Version 5.0.0 of PHP is too old. Please upgrade to version 4.04 or later. Strange. I found something in the acid_db_common.php on line 67 that checks the version but I dont know exactly what to edit and change. Anyone have any experience with this? I tried using google but could not find anything relevant. Thanks!!! ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=3D4721&alloc_id=3D10040&op=3Dclick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users --__--__-- Message: 8 From: Max Valdez <maxvalde () fis unam mx> Organization: CCF To: snort-users () lists sourceforge net Subject: Re: [Snort-users] ACID with PHP 5.0.0 error! Date: Tue, 27 Jul 2004 16:09:58 -0500 Even if you change that, you will find more errors, classes are not
treated
the same (I think), that makes acid not to run on PHP 5 Max -- Linux garaged 2.6.7-rc3-mm2 #2 Sat Jun 19 15:43:32 CDT 2004 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O-
M--
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z** ------END GEEK CODE BLOCK------ gpg-key: http://garaged.homeip.net/gpg-key.txt --__--__-- Message: 9 Date: Tue, 27 Jul 2004 17:25:24 -0400 From: Brian <bmc () snort org> To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort breakfast at Defcon On Tue, Jul 27, 2004 at 02:31:53PM -0400, Brian wrote:We talked to our marketing folks and they agreed to sponsor a "Snort Breakfast" on Sunday morning. We've scheduled it for 10:00 AM, so you get a little bit of time to get over your hangover. Space is limited, so I need confirmation that you'll be there before you show up.BTW, this is at Defcon 12, in Las Vegas, Nevada, USA, on Planet Earth in the Sol system at 10:00 AM PDT on August 1st 2004 using the Gregorian Calendar. Brian --__--__-- Message: 10 From: <mike () novanix com> To: "'Harper, Patrick'" <patrick.harper () phns com>, "'snort users'" <snort-users () lists sourceforge net>, <snort-users-admin () lists sourceforge net>, <drandolph () nstarbank com> Subject: RE: Action Required to Deliver: RE: [Snort-users] Virus Rules Date: Tue, 27 Jul 2004 20:23:16 -0400 Sorry, it was not an attempt to be rude, but with this mailing list = being archived I didn't want my direct address being picked up by spambots. Anything from sourceforge.net is allowed, I didn't think that it would = be the user sending it and not from sourceforge. In addition I switched to batched mode so they should all come from @sourceforge now. I turned of spam filtering on my mike@novanix too, to ensure any problems until it catches up. Sorry for the hassle but we get 1000's of spam messages a = day, so we have a more aggressive spam system in place.=20 Thanks, Mike Shale System Administrator Novanix, LLC.-----Original Message----- From: Harper, Patrick [mailto:patrick.harper () phns com] Sent: Tuesday, July 27, 2004 6:38 AM To: snort users Subject: FW: Action Required to Deliver: RE: [Snort-users] Virus Rules =20 I refuse! This should be 10 penalty drinks at least, and a flogging. =20 =20 -----Original Message----- From: Novanix [mailto:mailer-daemon () SpamDominator com] Sent: Monday, July 26, 2004 11:29 PM To: Harper, Patrick Subject: Action Required to Deliver: RE: [Snort-users] Virus Rules =20 The email you sent with the subject: RE: [Snort-users] Virus Rules has not been delivered yet! The person you emailed is using a spam blocking tool. This is the first time we have on record of you contacting Novanix =fromthe address: patrick.harper () phns com In order to deliver the email you sent them and add you to a list so your future emails go through You must take one of the following =actions(within 8 days): Just click the link below (or copy it into your browser url box): =http://www.SpamDominator.com/auth.cgi?user=3D1&code=3D7929250296010697274= 6443867465826 =20 =20 Thank you, SpamDominator.com Support Staff (Do not respond to this message as your response will go no where) =20 =20 =20 =20 =20 =20 =20 =20 Disclaimer: This electronic message, including any attachments, is confidential =andintended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, =dissemination,use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. =20 =20 =20 =20 =20 ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id=10040&op=3Dick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dort-users =20 =20--__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users digest, Vol 1 #4419 - 10 msgs Scott Sattler (Jul 27)