Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Found some virus on snortrules-snapshot-2983.tar.gz

From: Deepan Babu via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 1 Oct 2020 21:13:10 +0800
Thanks for the confirmation.


On 1 Oct 2020, at 8:35 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

The file is not infected.  Some of the detection logic is the same.  Therefore the ClamAV signatures detect the 
content in the Snort rules.


On Oct 1, 2020, at 7:25 AM, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote:

Hey Joel,

Just want to understand the status of this conversation as well as this file was really infected or clamAV detected 
wrong?

Regards,
Deepan.


On 20 Sep 2020, at 12:25 AM, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote:

Sounds good.  

Thanks,
Deepan

On Sun, Sep 20, 2020, 12:16 AM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote:
Detection content detecting detection content. 

Since we make ClamAV too, I’ll talk to our malware team. 

Sent from my  iPhone


On Sep 19, 2020, at 06:37, Deepan Babu <pdeepanbabu () gmail com <mailto:pdeepanbabu () gmail com>> wrote:

 Dear Team,

ClamAv detected some of the files on latest snortrules-snapshot-2983.tar.gz 
<https://www.snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz> . Please find the clamAV report for 
your reference

 '/etc/snort/rules/rules/file-flash.rules: Html.Exploit.CVE_2015_0346-1 FOUND',
 '/etc/snort/rules/rules/pua-other.rules: Js.Coinminer.Moonify-6508852-2 FOUND',
 '/etc/snort/rules/rules/browser-plugins.rules: Win.Exploit.CVE_2012_1889-3 FOUND',
 '/etc/snort/rules/rules/exploit-kit.rules: Html.Trojan.Blackhole-65 FOUND',
 '/etc/snort/rules/rules/indicator-compromise.rules: Xml.Dropper.PowMet-7374885-1 FOUND',
 '/etc/snort/rules/rules/deleted.rules: Win.Exploit.CVE_2012_1889-13 FOUND',
 '/etc/snort/rules/rules/browser-ie.rules: Html.Exploit.CVE_2013_1308-1 FOUND',
 '/etc/snort/rules/rules/malware-cnc.rules: Win.Trojan.Graftor-5726 FOUND',
 '/etc/snort/rules/rules/browser-chrome.rules: Win.Exploit.CVE_2017_11930-6389655-0 FOUND',
 '/etc/snort/rules/rules/browser-firefox.rules: Html.Exploit.CVE_2011_0065-1 FOUND',
 '/etc/snort/rules/rules/file-other.rules: Win.Exploit.CVE_2018_15995-6783090-2 FOUND',
 '/etc/snort/rules/rules/server-webapp.rules: Xml.Exploit.CVE_2020_1147-8805206-0 FOUND',
 '/etc/snort/rules/rules/file-pdf.rules: Pdf.Exploit.CVE_2016_1092-2 FOUND'


Regards,
Deepan.








_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: