Snort mailing list archives
Re: virus.rules file
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 4 Sep 2012 07:03:18 -0400
The virus.rules file has been depreciated, and will be removed in a future release. If you are using the most current rulepack, look for the "malware" set of categories, along with the exploit-kit category. Rules will be populated into these categories heavily over the next few releases. -- Joel Esler Sent from my iPad On Sep 4, 2012, at 6:08 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
Just a quick thought... Why does virus.rules file say- #------------- # VIRUS RULES #------------- # # We don't care about virus rules anymore. BUT, you people won't stop asking # us for virus rules. So... here ya go. # # There is now one rule that looks for any of the following attachment types: # # ade, adp, asd, asf, asx, bat, chm, cli, cmd, com, cpp, diz, dll, dot, emf, # eml, exe, hlp, hsq, hta, ini, js, jse, lnk, mda, mdb, mde, mdw, msi, msp, # nws, ocx, pif, pl, pm, pot, pps, ppt, reg, rtf, scr, shs, swf, sys, vb, # vbe, vbs, vcf, vxd, wmd, wmf, wms, wmz, wpd, wpm, wps, wpz, wsc, wsf, wsh, # xlt, xlw # What I mean to ask - Snort will detect virus content, or no??? And btw, where is that "one rule" which the file talks about? Thanks... ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- virus.rules file Pratik Narang (Sep 04)
- Re: virus.rules file Joel Esler (Sep 04)