[Snort-users] ACID errors

Steve Halligan agent33 at ...187...
Tue Sep 25 14:16:02 EDT 2001


If this is accurate and you are using ACID v0.9.6b1, you should upgrade to a
newer version.  It is up to v0.9.6b16 in CVS and b15 in tarball.
-steve


> 
> Snort Version 1.8.1-RELEASE (Build 74)
> ACID v0.9.6b1
> 
> These are the signatures (from the snort.sourcefire.com ruleset):
> web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any 
> (msg:"WEB-MISC
> readme.eml autoload attempt"; flags:A+; content:"window.open
> (\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3;
> reference:url,www.cert.org/advisories/CA-2001-26.html;)
> web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any 
> (msg:"WEB-MISC
> readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase;
> classtype:attempted-user; sid:1284; rev:3;
> reference:url,www.cert.org/advisories/CA-2001-26.html;)
> 
> Any help is greatly appreciated!
> 
> Thanks,
> pat s.
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list