[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-11-02
research at ...435...
Wed Nov 2 14:52:51 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Snort Rules Update
This release adds and modifies rules in several categories.
The Sourcefire VRT has added and modified multiple rules in the
backdoor, blacklist, chat, deleted, dos, exploit, file-identify, ftp,
misc, multimedia, policy, specific-threats, spyware-put, web-activex
and web-misc rule sets to provide coverage for emerging threats from
This release introduces the file-identify.rules category. The purpose
of this category is to standardize the structure of rules that set a
flowbit used to identify file downloading activities. A new port
variable, FILE_DATA_PORTS, accompanies this category and contains a
ports list used by these rules to identify the download of file types.
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-sigs