[Snort-sigs] correction and new rule about keyloggers
nigel at ...2981...
Fri May 26 05:04:29 EDT 2006
On 0, Chich Thierry <thierry.chich at ...2579...> wrote:
> The first rule I have sent was a little buggy. A "|" was lacking. Thanks to
> alert tcp $HOME_NET any -> any 25 (msg:"LOCAL TEST - elitekeylogger v1.0
> report"; flow:established;content:"MAIL FROM|3a|<logs at ...3219...>";
Is there a space between the ":" and the <logs... in that Mail From
Darkness is not the absence of light.
It is the presence of Vin Diesel.
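Why the space asked about above matters, as an added example that is not part of the original post or of Snort itself: a `content` match is byte-exact, so the quoted pattern only fires when `<` directly follows the colon. The sketch decodes `|hex|` runs the way the rule syntax writes them and models two ordered contents (`distance:0`) as a space-tolerant alternative; the address `logs@example.invalid` is a placeholder for the elided one, the SMTP lines are constructed, and backslash escapes are not handled.

```python
def decode_content(pattern: str) -> bytes:
    """Turn a Snort content string (literal text with |hex| runs) into bytes."""
    parts = pattern.split("|")
    # Pipes must pair up; a missing "|" leaves an even number of parts.
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in content pattern")
    out = bytearray()
    for i, part in enumerate(parts):
        # Odd-indexed parts sit between pipes and are hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def content_matches(pattern: str, payload: bytes) -> bool:
    """Single content option: exact, case-sensitive substring match."""
    return decode_content(pattern) in payload


def ordered_match(patterns, payload: bytes) -> bool:
    """Simplified model of content:A; content:B; distance:0; (B after A)."""
    pos = 0
    for pattern in patterns:
        needle = decode_content(pattern)
        found = payload.find(needle, pos)
        if found < 0:
            return False
        pos = found + len(needle)
    return True


# Placeholder address: the real one is elided in the archived post.
SINGLE = "MAIL FROM|3a|<logs@example.invalid>"
SPLIT = ["MAIL FROM|3a|", "<logs@example.invalid>"]

# Constructed SMTP command lines, one per spacing variant.
NO_SPACE = b"MAIL FROM:<logs@example.invalid>\r\n"
WITH_SPACE = b"MAIL FROM: <logs@example.invalid>\r\n"

if __name__ == "__main__":
    for name, line in (("no space", NO_SPACE), ("with space", WITH_SPACE)):
        print(f"{name:10}  single={content_matches(SINGLE, line)}  "
              f"split={ordered_match(SPLIT, line)}")
```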