[Snort-sigs] Further tweaks for the Evaman rule
matt at ...2436...
Tue Jul 6 04:54:01 EDT 2004
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE VIRUS
Possible Evaman Worm Outbound"; content:"filename="; pcre:

It was hitting on the warning emails about an Evaman rule. These tweaks
should eliminate that and also add the misspelling of format to make
this more accurate.

Input welcome as always. This is up on bleeding.