[Snort-sigs] Fw: virus rules
lucian.vanghele at ...182...
Sat Nov 10 04:46:01 EST 2001
I have some probls with a virus js.exception.exploit (which is supposes to send mass mails all over the world) and I want to add a rule for outgoing mails
all rules are for incoming mails and very few for outgoing.... (it is important to know if from your server some undedected virus spread its s**t)
for example how can I change this rule
alert tcp any 110 -> any any (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720; rev:1;)
to check if that virus go out from my server
( alert tcp any any -> any 25 (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720; rev:1;) I think so but not sure...)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs