[Snort-sigs] Bleeding-Edge Virus 2001268 false positive (SWEN.A)

Rich Adamson radamson at ...908...
Tue Jul 5 14:10:15 EDT 2005

FYI, the Bleeding-Edge Virus rule 2001268 is fired when an email is
sent that has a remote SupportDesk package attached from:

snort: [1:2001268:4] BLEEDING-EDGE VIRUS SWEN.A Worm detected 
[Classification: A Network Trojan was detected]
[Priority: 1]: {TCP} ->

The exact signature in this rule does occur in this commercial software

I don't have a copy of the virus to recommend changes to this rule.


More information about the Snort-sigs mailing list