Snort mailing list archives

Bleeding-Edge Virus 2001268 false positive (SWEN.A)


From: Rich Adamson <radamson () routers com>
Date: Tue, 5 Jul 2005 15:56:46 -0600

FYI, the Bleeding-Edge Virus rule 2001268 is fired when an email is
sent that has a remote SupportDesk package attached from:
 http://www.networkstreaming.com/products.htm

snort: [1:2001268:4] BLEEDING-EDGE VIRUS SWEN.A Worm detected 
[Classification: A Network Trojan was detected]
[Priority: 1]: {TCP} 10.10.10.161:1099 -> 222.1.111.1:25

The exact signature in this rule does occur in this commercial software
package. 

I don't have a copy of the virus to recommend changes to this rule.

Rich





