Home page logo

snort logo Snort mailing list archives

Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Wed, 3 Nov 2010 10:56:58 -0400

On Wed, 3 Nov 2010 09:44:50 -0500, infosec posts wrote:
My update routine didn't find any changes last night, and I can't find
any of these signatures in the tarballs I'm pulling this morning:

17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
attempt (specific-threats.rules, High)
17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
17810 <-> WEB-MISC potential malware - download of server32.exe
(web-misc.rules, Medium)
17811 <-> WEB-MISC potential malware - download of svchost.exe
(web-misc.rules, Medium)
17812 <-> WEB-MISC potential malware - download of iexplore.exe
(web-misc.rules, Medium)
17813 <-> WEB-MISC potential malware - download of iprinp.dll
(web-misc.rules, Medium)
17814 <-> WEB-MISC potential malware - download of winzf32.dll
(web-misc.rules, Medium)

I pulled,, and a few minutes ago, but I didn't
find the new signatures in any of them.  Now I'm getting 403/Forbidden
on and, so I'm going to guess that you've realized you
forgot to actually include the new signatures again, and you're fixing
it now?

There's nothing to fix. All those rules are in the rule packs for 

Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]