[Snort-sigs] Evaman Worm Sig

Matthew Jonkman matt at ...2436...
Mon Jul 5 21:55:08 EDT 2004

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "BLEEDING-EDGE VIRUS 
Possible Evaman Worm Outbound"; pcre: 
reference:url,secunia.com/virus_information/10429/evaman; sid:2000343; 

Posted by sooshie. Thanks

Don't know about accuracy yet as I haven't an outbreak here to check 
against. But it doesn't break snort. :)

If you get any hits on it please let us know. This is posted to bleeding 
as well.

