[Snort-sigs] Problems with SID 2161
sam at ...219...
Mon Jun 23 14:56:24 EDT 2003
I don't disagree. I was surprised when I saw this signature show up when
I ran Oinkmaster, however, if all this thing is doing is identifying when
.doc files are being emailed out, then I would say it's msg is highly
I would place this signature in the Policy enforcement classification and
change the name from VIRUS OUTBOUND .doc file attachment to OUTBOUND .doc
Anyhow, my .02 for whatever it's worth.
> Yep. When .doc files are transfered via email. If you allow that,
> then turn the rule off. Be forewarned that a number of virus
> implementations use vulnerabilities in Microsoft word for propagation.
> If you want real virus protection, install a virus scanner on your
> mail server. Using snort to detect virus infections is a stop-gap at
More information about the Snort-sigs