[Snort-users] Office application cause false Nachi signature

Brian bmc at ...950...
Thu Dec 11 15:35:42 EST 2003


On Thu, Dec 11, 2003 at 01:02:32PM -0500, Elijah Savage wrote:
> I know that the Snort virus signatures are not being maintained, but I
> was told this morning that one of the applications in Microsoft Office
> (which they thought was Outlook), if you have it set up a certain
> way (something to do with calendaring), would actually generate the
> same ICMP traffic that NACHI does, which would cause false alarms in
> Snort if you were using this. I have looked all over Google and this
> mailing list but I can't find anything; he mentioned that it came from
> this mailing list.
> 
> Can anyone verify and let me know which application?

I've never heard that setting up Microsoft applications on a host would
make the host act like it was infected by a worm.  That is, other than
actually infecting the host with a worm.

Brian



