[Snort-users] VIRUS OUTBOUND .pif file attachment
bmc at ...950...
Thu Sep 4 19:03:13 EDT 2003
On Thu, Sep 04, 2003 at 11:12:35AM -0700, Stevo wrote:
> Got a questions about the [snort] VIRUS OUTBOUND .pif file attachment rule.
> I'm seeing a billion of these in my logs and don't really understand the
> rule. My mail server is 126.96.36.199 and from the rule it appears that my
> mail server is connecting to other mail servers on port 25 and Snort is
> picking up that I'm sending a .pif file attachment.
If you set SMTP_SERVERS, then it will only look for oubound .pif emails.
More information about the Snort-users