[Snort-users] Office application cause false Nachi signature

Elijah Savage esavage at ...10282...
Thu Dec 11 10:03:06 EST 2003


All,

I know that the snort virus signatures are not being maintained but I
was told this morning that one of the applications in Microsoft Office
which they thought it was outlook, that if you have it setup a certain
way something to do with calendaring that it would actually generate the
same icmp traffic that NACHI does which would cause false alarms in
snort if you were using this. I have looked all over Google and this
mailing list but I can't find anything he mentioned that it came from
this mailing list.

Can anyone verify and let me know which application?





More information about the Snort-users mailing list