[Snort-users] virus.rules file
pratik.cse.bits at ...11827...
Tue Sep 4 06:08:06 EDT 2012
Just a quick thought...
Why does virus.rules file say-
# VIRUS RULES
# We don't care about virus rules anymore. BUT, you people won't stop asking
# us for virus rules. So... here ya go.
# There is now one rule that looks for any of the following attachment types:
# ade, adp, asd, asf, asx, bat, chm, cli, cmd, com, cpp, diz, dll, dot, emf,
# eml, exe, hlp, hsq, hta, ini, js, jse, lnk, mda, mdb, mde, mdw, msi, msp,
# nws, ocx, pif, pl, pm, pot, pps, ppt, reg, rtf, scr, shs, swf, sys, vb,
# vbe, vbs, vcf, vxd, wmd, wmf, wms, wmz, wpd, wpm, wps, wpz, wsc, wsf, wsh,
# xlt, xlw
What I mean to ask - Snort will detect virus content, or no???
And btw, where is that "one rule" which the file talks about?
More information about the Snort-users