[Snort-sigs] virus rules

Lucian Vanghele lucian.vanghele at ...182...
Sat Nov 3 03:12:03 EST 2001


hi there
I have some probls with a virus js.exception.exploit (which is supposes to send mass mails all over the world) and I want to add a rule for outgoing mails 
all rules are for incoming mails and very few for outgoing.... (it is important to know if from your server some undedected virus spread its s**t)
for example how can I change this rule
alert tcp any 110 -> any any (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720; rev:1;)
to check if that virus go out from my server
 ( alert tcp any any -> any 25 (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720; rev:1;) I think so but not sure...)


thanx

Lucian Vanghele,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20011103/b03d00ad/attachment.html>


More information about the Snort-sigs mailing list