[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-11-02

Research research at ...435...
Wed Nov 2 14:52:51 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
backdoor, blacklist, chat, deleted, dos, exploit, file-identify, ftp,
misc, multimedia, policy, specific-threats, spyware-put, web-activex
and web-misc rule sets to provide coverage for emerging threats from
these technologies.

This release introduces the file-identify.rules category. The purpose
of this category is to standardize the structure of rules that set a
flowbit used to identify file downloading activities.  A new port
variable, FILE_DATA_PORTS, accompanies this category and contains a
ports list used by these rules to identify the download of file types.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-11-02.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFOsZGDaBoqZBVJfwMRAqX4AJ4jchfS5BpF8ZjUB4wUPcioOGSZCwCeMycW
xi+YlYRXmUQ3E1dO82lUll8=
=V3vo
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list