[Snort-sigs] Klez worm rule?

bthaler at ...572... bthaler at ...572...
Tue Apr 30 13:20:55 EDT 2002


Does anyone have a good rule for the Klez worm and it's variants?  I could make one based on the subject of the infected email, but
it would take possibly 20 rules or more to catch all of the variations.  This method would also trigger a large number of false
positives, no doubt.

I was hoping someone has a better rule in place.



Regards,
Brad T.





More information about the Snort-sigs mailing list