[Snort-users] VIRUS OUTBOUND .pif file attachment

Brian bmc at ...950...
Thu Sep 4 19:03:13 EDT 2003


On Thu, Sep 04, 2003 at 11:12:35AM -0700, Stevo wrote:
> Got a question about the [snort] VIRUS OUTBOUND .pif file attachment rule.
> I'm seeing a billion of these in my logs and don't really understand the
> rule.  My mail server is 63.145.201.15 and from the rule it appears that my
> mail server is connecting to other mail servers on port 25 and Snort is
> picking up that I'm sending a .pif file attachment.

If you set SMTP_SERVERS, then it will only look for outbound .pif emails.

-brian



