[Snort-users] msg update for these, please?

waldo kitty wkitty42 at ...14940...
Tue Sep 28 16:06:18 EDT 2010


On 9/28/2010 15:55, Alex Kirk wrote:
> Well-put, Shawn. I just updated 16425 (for the next SEU, anyway) to read
> "WEB-CLIENT request for Portable Executable binary file", that should do the trick.

that is better and i guess it will do for now... i would hesitate to call all 
.exe files Portable Executable binaries, though... i have a whole slew of .exes 
here that are not PE... granted, they are compiled with the old Turbo/Borland 
Pascal 6 but they still fit the "mask" given ;)

>
> On Tue, Sep 28, 2010 at 3:45 PM, Jefferson, Shawn <Shawn.Jefferson at ...14448...> wrote:
>
>     Maybe something along the lines of:
>
>     WEB-CLIENT Request for exe file
>
>     and
>
>     WEB-CLIENT Portable Executable binary file transfer
>
>     which would explain what’s happening a little better, and avoid potential
>     confusion hopefully.
>
>     --------------------------------------------------------------------------------
>
>     *From:* Alex Kirk [mailto:akirk at ...1935...]
>     *Sent:* Tuesday, September 28, 2010 11:00 AM
>     *To:* wkitty42 at ...14940...
>     *Cc:* snort-users at lists.sourceforge.net
>     *Subject:* Re: [Snort-users] msg update for these, please?
>
>     Actually, they both look for PE files headed towards a client - the first
>     looks for the PE signature itself coming down, the second for a request for
>     a .exe.
>
>     Duplicate messages are generally no fun, though, so how about making the
>     second one "WEB-CLIENT Portable Executable binary file transfer - .exe in URI"?
>
>     On Tue, Sep 28, 2010 at 1:48 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>
>
>     can we get a MSG update for these, please??
>
>     OLD:
>     15306   WEB-CLIENT Portable Executable binary file transfer
>     16425   WEB-CLIENT Portable Executable binary file transfer
>
>     NEW:
>     15306   WEB-CLIENT Portable Executable binary file transfer to client
>     16425   WEB-CLIENT Portable Executable binary file transfer to server
>
>     or some such?
>
>     thanks!
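
Added example, not part of the original thread and not Snort or VRT code: a small Python check illustrating the distinction raised above, that a request for a `.exe` name and a file carrying the PE signature are different observations. The function names, labels and sample buffers are constructed for illustration, and the URI test only approximates what the thread says SID 16425 looks for.

```python
import struct
from urllib.parse import urlsplit

def uri_requests_exe(uri: str) -> bool:
    """Approximation of 'request for a .exe': the URI path ends in .exe."""
    return urlsplit(uri).path.lower().endswith(".exe")

def classify_header(data: bytes) -> str:
    """Classify leading file bytes as 'pe', 'mz-other' or 'not-mz'.

    'mz-other' covers plain DOS MZ programs (such as old Turbo/Borland
    Pascal output) and any buffer too short to reach the PE signature.
    """
    if data[:2] != b"MZ":
        return "not-mz"
    if len(data) < 0x40:
        return "mz-other"
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "mz-other"

# Constructed sample: MZ stub whose e_lfanew (0x80) points at a PE signature.
PE_SAMPLE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\0\0"
# Constructed sample: 64-byte DOS MZ header with no PE signature anywhere.
DOS_SAMPLE = b"MZ" + bytes(0x3E)

def describe(uri: str, body: bytes) -> str:
    """Combine both observations the way an analyst would read the two alerts."""
    kind = classify_header(body)
    if kind == "pe":
        return "PE binary transfer"
    if uri_requests_exe(uri):
        return "request for .exe, payload is not PE (%s)" % kind
    return "neither"

if __name__ == "__main__":
    print(describe("/dl/setup.exe", PE_SAMPLE))
    print(describe("/dl/oldtool.exe", DOS_SAMPLE))
    print(describe("/index.html", b"<html>"))
```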




