[Snort-sigs] Fwd: maldet alert from TCP-IDS

Scott Spangler scott.spangler at ...4244...
Mon Mar 20 12:44:39 EDT 2017


Dear Snort Signature Community:

Please see the contents below, as I wanted to bring to your attention that
a recent Pulledpork download of Snort community-rules contained a malware
virus. The malware virus was immediately quarantined using Linux Maldect on
the Snort IDS host.

Regards,

Scott Spangler


---------- Forwarded message ----------
From: root <root at ...4245...>
Date: Fri, Mar 17, 2017 at 11:28 PM
Subject: maldet alert from TCP-IDS
To: scott.spangler at ...4244...


HOST:      TCP-IDS
SCAN ID:   170318-0328.10906
STARTED:   Mar 18 2017 03:28:48 +0000
COMPLETED: Mar 18 2017 03:28:59 +0000
ELAPSED:   11s [find: 0s]

PATH:
RANGE:         1 days
TOTAL FILES:   4
TOTAL HITS:    1
TOTAL CLEANED: 0

FILE HIT LIST:
{YARA}eval_post : /tmp/community-rules.tar.gz => /usr/local/maldetect/quarantine/community-rules.tar.gz.2689929416
===============================================
Linux Malware Detect v1.6 < proj at ...4246... >