[Snort-sigs] W32.Dumaru Sig
Erwin Van de Velde
erwin.vandevelde at ...1989...
Wed Oct 29 08:30:11 EST 2003
I just made this simple rule:
alert tcp any 110 -> $HOME_NET any (msg: "ALERT!!! Incoming W32/Dumaru virus
by e-mail!"; content:"Use this patch immediately"; sid: 10000010; rev: 1;)
I don't know if this is enough, but I get all W32/Dumaru at ...871... virusses in emails
with subject "Use this patch immediately"....
Any comments on that?
On Wednesday 29 October 2003 13:30, Nick Duda wrote:
> Anyone have a sig for W32.Dumaru at ...110...? Or better yet a sig to detect IRC
> Lastly, I hate to ask questions that either have been asked before or
> have a resource to look at. Does anyone know of a KB of snort sigs?
> - Nick
More information about the Snort-sigs