[Snort-sigs] Bleeding rules virus and threshold issue

Frank Knobbe frank at ...1978...
Mon Feb 21 16:22:00 EST 2005


On Mon, 2005-02-21 at 17:21 -0700, James Lay wrote:
> The latest bleeding-rules.tar.gz has:
> 
> [17:14:02 jlay at ...2996...:~/temp/rules$] ls -l
> total 364
> -rw-r--r--  1 jlay users  7981 Feb 21 14:07 bleeding-attack_response.rules
> -rw-r--r--  1 jlay users 10341 Feb 21 14:07 bleeding-custom.rules
> -rw-r--r--  1 jlay users  5367 Feb 21 14:07 bleeding-dos.rules
> -rw-r--r--  1 jlay users 35208 Feb 21 14:07 bleeding-exploit.rules
> -rw-r--r--  1 jlay users  6170 Feb 21 14:07 bleeding-inappropriate.rules
> -rw-r--r--  1 jlay users 92935 Feb 21 14:07 bleeding-malware.rules
> -rw-r--r--  1 jlay users  9530 Feb 21 14:07 bleeding-p2p.rules
> -rw-r--r--  1 jlay users 31019 Feb 21 14:07 bleeding-policy.rules
> -rw-r--r--  1 jlay users  5856 Feb 21 14:07 bleeding-scan.rules
> -rw-r--r--  1 jlay users 72015 Feb 21 14:07 bleeding-sid-msg.map
> -rw-r--r--  1 jlay users 46488 Feb 21 14:07 bleeding-virus.rules
> -rw-r--r--  1 jlay users 15317 Feb 21 14:07 bleeding-web.rules
> -rw-r--r--  1 jlay users  2117 Feb 21 14:07 bleeding.rules
> 
> Didn't see an *all* rules file, so I don't think that's my issue.  Thanks
> though =)

Yeah, there it is. It's names "bleeding.rules" (my bad, I thought it was
bleeding-all.rules).

Just don't include bleeding.rules and you should be in good shape.

Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050221/6fe7ab66/attachment.sig>


More information about the Snort-sigs mailing list