[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-11-02

infosec posts infosec.posts at ...2420...
Wed Nov 3 11:08:15 EDT 2010


I had forgotten that we have a subscription issue (organizational
problem on our side), so I'll apologize for making a false assumption.
Thanks for the response.

On Wed, Nov 3, 2010 at 10:02 AM, Joel Esler <jesler at ...435...> wrote:
> On Wed, Nov 3, 2010 at 10:44 AM, infosec posts <infosec.posts at ...2420...>
> wrote:
>>
>> My update routine didn't find any changes last night, and I can't find
>> any of these signatures in the tarballs I'm pulling this morning:
>>
>> 17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
>> attempt (specific-threats.rules, High)
>> 17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
>> 17810 <-> WEB-MISC potential malware - download of server32.exe
>> (web-misc.rules, Medium)
>> 17811 <-> WEB-MISC potential malware - download of svchost.exe
>> (web-misc.rules, Medium)
>> 17812 <-> WEB-MISC potential malware - download of iexplore.exe
>> (web-misc.rules, Medium)
>> 17813 <-> WEB-MISC potential malware - download of iprinp.dll
>> (web-misc.rules, Medium)
>> 17814 <-> WEB-MISC potential malware - download of winzf32.dll
>> (web-misc.rules, Medium)
>>
>>
>> I pulled 2.8.6.0, 2.8.6.1, and 2.8.9.0 a few minutes ago, but I didn't
>> find the new signatures in any of them.  Now I'm getting 403/Forbidden
>> on 2.8.6.0 and 2.8.9.0, so I'm going to guess that you've realized you
>> forgot to actually include the new signatures again, and you're fixing
>> it now?
>
>
> I am running pulledpork right this very second, and I am able to grab the
> rules file.  I'll check to see if the rules are in my build.
>
> We are doing work to the website today as well, so that may affect some
> downloads.
>
> <waiting for pulledpork to get done>
>
> Done...  grepping...
>
> Yup, they are all there for me.  Using the subscriber set.  Do you have the
> subscriber set?  Your subscription isn't expired or anything, is it?
>
>>
>> --
>> Joel Esler
>
> 302-223-5974
>



