[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-12-01

Research research at ...435...
Thu Dec 1 13:42:49 EST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
attack-responses, backdoor, bad-traffic, botnet-cnc, deleted, dos,
exploit, file-identify, netbios, oracle, rservices, scada, smtp,
specific-threats, spyware-put, web-activex, web-client and web-php rule
sets to provide coverage for emerging threats from these technologies.

The Sourcefire VRT has added and modified multiple rules in the
attack-responses, backdoor, bad-traffic, botnet-cnc, deleted, dos,
exploit, file-identify, netbios, oracle, rservices, scada, smtp,
specific-threats, spyware-put, web-activex, web-client and web-php rule
sets to provide coverage for emerging threats from these technologies.

Note:
The fileidentify flowbit group has been removed. This could lead to your
local rules no longer working. You must modify local rules using this
flowbit group before you can use them in policies.

For example, if you have a rule that uses the fileidentify flowbit group
with the following set of options:

  flowbits:set,http.mpeg,fileidentify;

You must remove the fileidentify group name for the rule to continue
working. The modified rule would then contain the following:

  flowbits:set,http.mpeg;

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-12-01.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFO18qpaBoqZBVJfwMRAgSWAJ9iN4wPH+y+nANXkJwVvyRd5M02HQCgnz4P
cg8dU17r83woOB/MC3V3BVo=
=AcRR
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list