[Snort-sigs] SMTP versus POP3
Hugo van der Kooij
hvdkooij at ...481...
Sun Apr 28 12:55:02 EDT 2002
I noticed that most of the virus/worm rules are for POP3 traffic only. I
would expect that SMTP is even a more likely candidate for this sort of
I could not tell wether IMAP might be usefull as well but I find the lack
of SMTP signatures a bit disturbing.
PS: I know I could just copy it and change 110 into 25 but I would expect
a more permanent solution.
All email send to me is bound to the rules described on my homepage.
hvdkooij at ...481... http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
More information about the Snort-sigs