Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Found some virus on snortrules-snapshot-2983.tar.gz

From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Sat, 19 Sep 2020 16:16:50 +0000
Detection content detecting detection content. 

Since we make ClamAV too, I’ll talk to our malware team. 

Sent from my  iPhone


On Sep 19, 2020, at 06:37, Deepan Babu <pdeepanbabu () gmail com> wrote:

 Dear Team,

ClamAv detected some of the files on latest snortrules-snapshot-2983.tar.gz . Please find the clamAV report for your 
reference

 '/etc/snort/rules/rules/file-flash.rules: Html.Exploit.CVE_2015_0346-1 FOUND',
 '/etc/snort/rules/rules/pua-other.rules: Js.Coinminer.Moonify-6508852-2 FOUND',
 '/etc/snort/rules/rules/browser-plugins.rules: Win.Exploit.CVE_2012_1889-3 FOUND',
 '/etc/snort/rules/rules/exploit-kit.rules: Html.Trojan.Blackhole-65 FOUND',
 '/etc/snort/rules/rules/indicator-compromise.rules: Xml.Dropper.PowMet-7374885-1 FOUND',
 '/etc/snort/rules/rules/deleted.rules: Win.Exploit.CVE_2012_1889-13 FOUND',
 '/etc/snort/rules/rules/browser-ie.rules: Html.Exploit.CVE_2013_1308-1 FOUND',
 '/etc/snort/rules/rules/malware-cnc.rules: Win.Trojan.Graftor-5726 FOUND',
 '/etc/snort/rules/rules/browser-chrome.rules: Win.Exploit.CVE_2017_11930-6389655-0 FOUND',
 '/etc/snort/rules/rules/browser-firefox.rules: Html.Exploit.CVE_2011_0065-1 FOUND',
 '/etc/snort/rules/rules/file-other.rules: Win.Exploit.CVE_2018_15995-6783090-2 FOUND',
 '/etc/snort/rules/rules/server-webapp.rules: Xml.Exploit.CVE_2020_1147-8805206-0 FOUND',
 '/etc/snort/rules/rules/file-pdf.rules: Pdf.Exploit.CVE_2016_1092-2 FOUND'


Regards,
Deepan.

Attachment: smime.p7s
Description: 

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: