[Snort-users] New snort rule for WORM_NETSKY.B yet PLEASE???
mkettler at ...4108...
Wed Feb 18 09:27:05 EST 2004
At 10:15 AM 2/18/2004, Snortty wrote:
>This one seems to be getting ready, or already spread
>like the last time, any rule to apply to detect it yet?
Hardly urgent, as nobody should be using snort as a first-line-of-defense
against mail worms.. That's what putting a virus scanner on your mailserver
However, it would be handy to have a signature for this things file-share
Details on the worm can be found here
The clamAV signature for this thing is:
Which is a rather long signature to be looking for in packets via snort,
but it's a start. (note that clamav signatures are just virusname=(hex
Note: the above signature is extracted from clamav daily.cvd version 134,
and thus is likely Copyrighted with GPL licensing like the rest of clamav.
You can obtain all of clamav, and it's source code from:
More information about the Snort-users