[Snort-sigs] Magister

Chris Green cmg at ...26...
Fri Sep 14 06:10:05 EDT 2001


"berthon" <Patrick.Berthon at ...109...> writes:

> Hi !
>
> 	Anyone know how to design a rule for the
> 	"W32.Magistr.24876 at ...110..." virus aka
> 	"I-Worm.Magistr, PE_MAGISTR.A, W32.Magistr at ...110...,
> W32.Magistr.24876.int, W32/Disemboweler, W32.Magistr.corrupt,
> W32/Magistr-A" ?
>

Look at the rules currently shipping with snort and packet traces of
network traffic for this virus.  Look at the Snort Documentation on
www.snort.org or the pdf shipping with snort for more detail on how to
write snort rules.

-- 
Chris Green <cmg at ...26...>
You now have 14 minutes to reach minimum safe distance.




More information about the Snort-sigs mailing list