Snort mailing list archives
Re: Found some virus on snortrules-snapshot-2983.tar.gz
From: Deepan Babu via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 1 Oct 2020 21:13:10 +0800
Thanks for the confirmation.
On 1 Oct 2020, at 8:35 PM, Joel Esler (jesler) <jesler () cisco com> wrote: The file is not infected. Some of the detection logic is the same. Therefore the ClamAV signatures detect the content in the Snort rules.On Oct 1, 2020, at 7:25 AM, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote: Hey Joel, Just want to understand the status of this conversation as well as this file was really infected or clamAV detected wrong? Regards, Deepan.On 20 Sep 2020, at 12:25 AM, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote: Sounds good. Thanks, Deepan On Sun, Sep 20, 2020, 12:16 AM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote: Detection content detecting detection content. Since we make ClamAV too, I’ll talk to our malware team. Sent from my iPhoneOn Sep 19, 2020, at 06:37, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote: Dear Team, ClamAv detected some of the files on latest snortrules-snapshot-2983.tar.gz <https://www.snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz> . Please find the clamAV report for your reference '/etc/snort/rules/rules/file-flash.rules: Html.Exploit.CVE_2015_0346-1 FOUND', '/etc/snort/rules/rules/pua-other.rules: Js.Coinminer.Moonify-6508852-2 FOUND', '/etc/snort/rules/rules/browser-plugins.rules: Win.Exploit.CVE_2012_1889-3 FOUND', '/etc/snort/rules/rules/exploit-kit.rules: Html.Trojan.Blackhole-65 FOUND', '/etc/snort/rules/rules/indicator-compromise.rules: Xml.Dropper.PowMet-7374885-1 FOUND', '/etc/snort/rules/rules/deleted.rules: Win.Exploit.CVE_2012_1889-13 FOUND', '/etc/snort/rules/rules/browser-ie.rules: Html.Exploit.CVE_2013_1308-1 FOUND', '/etc/snort/rules/rules/malware-cnc.rules: Win.Trojan.Graftor-5726 FOUND', '/etc/snort/rules/rules/browser-chrome.rules: Win.Exploit.CVE_2017_11930-6389655-0 FOUND', '/etc/snort/rules/rules/browser-firefox.rules: Html.Exploit.CVE_2011_0065-1 FOUND', '/etc/snort/rules/rules/file-other.rules: Win.Exploit.CVE_2018_15995-6783090-2 FOUND', '/etc/snort/rules/rules/server-webapp.rules: Xml.Exploit.CVE_2020_1147-8805206-0 FOUND', '/etc/snort/rules/rules/file-pdf.rules: Pdf.Exploit.CVE_2016_1092-2 FOUND' Regards, Deepan.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Re: Found some virus on snortrules-snapshot-2983.tar.gz Deepan Babu via Snort-sigs (Oct 02)
- Re: Found some virus on snortrules-snapshot-2983.tar.gz Joel Esler (jesler) via Snort-sigs (Oct 01)
- Re: Found some virus on snortrules-snapshot-2983.tar.gz Deepan Babu via Snort-sigs (Oct 02)
- Re: Found some virus on snortrules-snapshot-2983.tar.gz wkitty42--- via Snort-sigs (Oct 02)
- Re: Found some virus on snortrules-snapshot-2983.tar.gz Joel Esler (jesler) via Snort-sigs (Oct 01)