Matthew Jonkman matt at ...2436...
Tue Jul 27 15:11:11 EDT 2004

We've had so many new malware and spyware rules come in that we're 
separating the malware rules to a separate rules file for organizational 

The new file is bleeding-malware.rules. It is included in the bleeding 
oinkmaster tarball.

If you're using oinkmaster to update be sure to add an include for the 
new rules in your snort.conf files.

If you're just grabbing the bleeding rules direct be sure to add a get 
for the malware set as well as add your include in snort.conf.

These changes are in effect now. The main bleeding set does not have the 
malware rules in it, so be sure to make changes on your next update if 
you're automated.

Thanks to all for the new rules. As you might guess there are a number 
of new malware rules coming in today, within the next few hours.


More information about the Snort-sigs mailing list