Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Simple problem with virus.rules line 16 (cvs)

From: Phil Wood <cpw () lanl gov>
Date: Thu, 3 Jan 2002 11:59:03 -0700
On Thu, Jan 03, 2002 at 11:17:02AM -0500, Brian wrote:

According to Phil Wood:

patch is:



-alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722;  
classtype:misc-activity; rev:3;)
+alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722;  
classtype:misc-activity; rev:3;)


ident virus.rules please.


Sorry,

I've been trusting the cvs for snort-1.8.3.  I see now that the version is
old:

  # $Id: virus.rules,v 1.11 2001/12/04 06:55:11 fygrave Exp $

Version 1.9-dev has:

  # $Id: virus.rules,v 1.12 2001/12/12 17:52:14 cazz Exp $

I'll look there from now on.

Thanks,



This was fixed in 1.12 at 2001/12/12 17:52:14.

-- 
A complete lack of evidence is the surest sign that the conspiracy is working.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: