[Snort-sigs] change msg nortan to norton on sid 2485 (snort233b14)

rmkml rmkml at ...324...
Tue Jul 12 06:59:39 EDT 2005


Hi,

please modify msg on sid 2485 :

web-client.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any 
(msg:"WEB-CLIENT Nortan antivirus sysmspam.dll load attempt"; 
flow:to_client,established; content:"clsid|3A|"; nocase; 
content:"0534CF61-83C5-4765-B19B-45F7A4E135D0"; nocase; 
reference:bugtraq,9916; reference:cve,2004-0363; 
classtype:attempted-admin; sid:2485; rev:4;)

Nortan -> Norton ?

Regards
Rmkml




More information about the Snort-sigs mailing list