Sourcefire VRT Rules Update

Date: 2008-07-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
13883 <-> WEB-CLIENT UUSee UUUpgrade ActiveX clsid access (web-client.rules)
13884 <-> WEB-CLIENT UUSee UUUpgrade ActiveX clsid unicode access (web-client.rules)
13885 <-> WEB-CLIENT UUSee UUUpgrade ActiveX function call access (web-client.rules)
13886 <-> WEB-CLIENT UUSee UUUpgrade ActiveX function call unicode access (web-client.rules)
13903 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX clsid access (web-client.rules)
13904 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX clsid unicode access (web-client.rules)
13905 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX function call access (web-client.rules)
13906 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX function call unicode access (web-client.rules)
13907 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX clsid access (web-client.rules)
13908 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX clsid unicode access (web-client.rules)
13909 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX function call access (web-client.rules)
13910 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access (web-client.rules)
13911 <-> WEB-CLIENT Microsoft search file download attempt (web-client.rules)

Updated rules:
2064 <-> DELETED WEB-MISC Lotus Notes .csp script source download attempt (deleted.rules)
7981 <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX clsid access (web-client.rules)
7982 <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX clsid unicode access (web-client.rules)