[***] Results from Oinkmaster started Wed Nov 17 20:00:12 2004 [***]
[///] Modified active rules: [///]
-> Modified active in bleeding-virus.rules (1):
old: alert tcp $HOME_NET any -> any 25 (msg:"BLEEDING-EDGE Probable
Zafi Virus Outbound via SMTP"; content:"TVqQAAMAAAAEAAAAUEUAAEwBAgBG";
content:"AAAAAAAADgAA8BCwEAAAAuAAAAOgAAAAAAAPu+"; distance:6;
classtype:misc-activity; sid:2000310; rev:1;)
new: alert tcp $HOME_NET any -> any 25 (msg:"BLEEDING-EDGE VIRUS
Probable Zafi Virus Outbound via SMTP"; content:"TVqQAAMAAAAEAAAAUEUAAEwBAgBG";
content:"AAAAAAAADgAA8BCwEAAAAuAAAAOgAAAAAAAPu+"; distance:6;
classtype:misc-activity; sid:2000310; rev:2;)
[---] Removed rules: [---]
-> Removed from bleeding-policy.rules (1):
alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"BLEEDING-EDGE
TELNET access"; flow:from_server,established; content:"|FF FD 18|"; rawbytes;
content:"|FF FD 27|"; rawbytes; reference:arachnids,08;
reference:cve,CAN-1999-0619; classtype:not-suspicious; sid:2000002; rev:7;)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (1):
2000310 || BLEEDING-EDGE VIRUS Probable Zafi Virus Outbound via SMTP
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (2):
2000002 || BLEEDING-EDGE TELNET access || cve,CAN-1999-0619 ||
arachnids,08
2000310 || BLEEDING-EDGE Probable Zafi Virus Outbound via SMTP
[*] Added files: [*]
None.
-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
