[Snort-users] Simple problem with virus.rules line 16 (cvs)

Phil Wood cpw at ...440...
Thu Jan 3 11:00:01 EST 2002


On Thu, Jan 03, 2002 at 11:17:02AM -0500, Brian wrote:
> According to Phil Wood:
> > patch is:
> 
> > -alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722;  classtype:misc-activity; rev:3;)
> > +alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722;  classtype:misc-activity; rev:3;)
> 
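Review bot: the `+` line keeps `rev:3` although the rule text changed; bump the revision so a sensor still running the copy of sid:722 with the unbalanced quote after `NAVIDAD.EXE` can be told apart from one running the fixed rule. The hunk also has no file header and does not name the `$Id$` of the virus.rules it was made against, so the revision it applies to cannot be determined from the patch alone; include that with the diff.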
> ident virus.rules please.

Sorry,

I've been trusting the cvs for snort-1.8.3.  I see now that the version is
old:

  # $Id: virus.rules,v 1.11 2001/12/04 06:55:11 fygrave Exp $

Version 1.9-dev has:

  # $Id: virus.rules,v 1.12 2001/12/12 17:52:14 cazz Exp $

I'll look there from now on.

Thanks,

> 
> This was fixed in 1.12 at 2001/12/12 17:52:14.
> 
> -- 
> A complete lack of evidence is the surest sign that the conspiracy is working.

-- 
Phil Wood, cpw at ...440...




