[Snort-sigs] virus.rules

Bob Bernstein bob at ...70...
Wed Aug 1 03:31:30 EDT 2001


This seems to have come up earlier in the year, maybe quite recently but I
haven't been keeping up that well....I stumbled on it tonight via some weird
false positives:

In virus.rules line 11, should not:

content: ".pif"  more correctly be -> ".pif "

and line 19

content: ".scr"   "      "      be -> ".scr " ?

I don't know which other file extensions might be also implicated in this
Case of The Missing Space.

According to the file, these rules are not being maintained. Is that because
they've been superceded, or obsoleted or, as they say, whut? <g>

-- 
Bob Bernstein
at
Esmond, R.I., USA




More information about the Snort-sigs mailing list