[Snort-users] Simple problem with virus.rules line 16 (cvs)

Phil Wood cpw at ...440...
Wed Jan 2 21:23:04 EST 2002


patch is:

--- /tmp/virus.rules    Thu Jan  3 05:20:24 2002
+++ virus.rules Thu Jan  3 05:20:37 2002
@@ -13,7 +13,7 @@
 
 alert tcp any 110 -> any any (msg:"Virus - SnowWhite Trojan Incoming"; content:"Suddlently"; sid:720;  classtype:misc-activity; rev:3;)
 alert tcp any 110 -> any any (msg:"Virus - Possible pif Worm"; content: ".pif"; nocase; sid:721;  classtype:misc-activity; rev:3;)
-alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722;  classtype:misc-activity; rev:3;)
+alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722;  classtype:misc-activity; rev:3;)
 alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "myromeo.exe"; nocase; sid:723;  classtype:misc-activity; rev:3;)
 alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "myjuliet.chm"; nocase; sid:724;  classtype:misc-activity; rev:3;)
 alert tcp any 110 -> any any (msg:"Virus - Possible MyRomeo Worm"; content: "ble bla"; nocase; sid:725;  classtype:misc-activity; rev:3;)




More information about the Snort-users mailing list