Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SID 16367

From: Alex Kirk <akirk () sourcefire com>
Date: Mon, 25 Jan 2010 12:56:18 -0500
It's an SO rule, so you're not going to see the rule itself anywhere in the
rules download. The .so file will be in
so_rules/precompiled/<OS>/<platform>/<Snort Version>/web_client.so,
i.e. so_rules/precompiled/Ubuntu-6.01.1/i386/2.8.5.1/web_client.so. A stub
rule should be in the so_rules/web_client.rules file.

That said, one thing I've seen happen repeatedly (and done myself) is that
someone grabbed the registered user release instead of the subscriber
release (it's the lower thing on the page when you hit the download rules
button, and it just seems obvious), and the registered release won't have
that rule yet (there's a 30-day delay).

On Mon, Jan 25, 2010 at 12:29 PM, Document Retention <
document.retention () gmail com> wrote:


Hello,

I am unable to find the new IE zero day exploit rule withing the latest VRT
ruleset.  The VRT guys said they added it on the 15th.
http://www.snort.org/vrt/advisories/2010/01/15/vrt-rules-2010-01-15.html/

Am I missing something?  Where is the rule?


Thanks,


Doc



------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for
Conference
attendees to learn about information security's most important issues
through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com

------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: