[Snort-users] Simple problem with virus.rules line 16 (cvs)
cpw at ...440...
Thu Jan 3 11:00:01 EST 2002
On Thu, Jan 03, 2002 at 11:17:02AM -0500, Brian wrote:
> According to Phil Wood:
> > patch is:
> > -alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722; classtype:misc-activity; rev:3;)
> > +alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722; classtype:misc-activity; rev:3;)
> ident virus.rules please.
I've been trusting the cvs for snort-1.8.3. I see now that the version is
# $Id: virus.rules,v 1.11 2001/12/04 06:55:11 fygrave Exp $
Version 1.9-dev has:
# $Id: virus.rules,v 1.12 2001/12/12 17:52:14 cazz Exp $
I'll look there from now on.
> This was fixed in 1.12 at 2001/12/12 17:52:14.
> A complete lack of evidence is the surest sign that the conspiracy is working.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users