[Snort-users] virus.rules file

Pratik Narang pratik.cse.bits at ...11827...
Tue Sep 4 06:08:06 EDT 2012


Just a quick thought...
Why does the virus.rules file say:

#-------------
# VIRUS RULES
#-------------
#
# We don't care about virus rules anymore.  BUT, you people won't stop asking
# us for virus rules.  So... here ya go.
#
# There is now one rule that looks for any of the following attachment types:
#
#   ade, adp, asd, asf, asx, bat, chm, cli, cmd, com, cpp, diz, dll, dot, emf,
#   eml, exe, hlp, hsq, hta, ini, js, jse, lnk, mda, mdb, mde, mdw, msi, msp,
#   nws, ocx, pif, pl, pm, pot, pps, ppt, reg, rtf, scr, shs, swf, sys, vb,
#   vbe, vbs, vcf, vxd, wmd, wmf, wms, wmz, wpd, wpm, wps, wpz, wsc, wsf, wsh,
#   xlt, xlw
#

What I mean to ask: will Snort detect virus content, or not?
And btw, where is that "one rule" which the file talks about?

Thanks...



