[Snort-users] Simple problem with virus.rules line 16 (cvs)

Brian bmc at ...950...
Thu Jan 3 16:54:04 EST 2002


According to Phil Wood:
> On Thu, Jan 03, 2002 at 11:17:02AM -0500, Brian wrote:
> > According to Phil Wood:
> > > patch is:
> > 
> > > -alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE""; nocase; sid:722;  classtype:misc-activity; rev:3;)
> > > +alert tcp any 110 -> any any (msg:"Virus - Possible NAVIDAD Worm"; content: "NAVIDAD.EXE"; nocase; sid:722;  classtype:misc-activity; rev:3;)
> > 
> > ident virus.rules please.
> 
> Sorry,
> 
> I've been trusting the cvs for snort-1.8.3.  I see now that the version is
> old:
> 
>   # $Id: virus.rules,v 1.11 2001/12/04 06:55:11 fygrave Exp $
> 
> Version 1.9-dev has:
> 
>   # $Id: virus.rules,v 1.12 2001/12/12 17:52:14 cazz Exp $
> 
> I'll look there from now on.

doh.  Didn't realize people where tracking that. 

I'll start syncing rule changes to the other tree as well.  Give me a
couple of days to get it up and running.

-- 
The product of the IQs of each member of a tech-support conversation is 
a constant. -- Michael Driscoll





More information about the Snort-users mailing list