Sourcefire VRT Rules Update

Date: 2008-08-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
13982 <-> WEB-CLIENT Microsoft Powerpoint file download attempt (web-client.rules)
13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules)

Updated rules:
7981 <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX clsid access (web-client.rules)
7982 <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX clsid unicode access (web-client.rules)
13903 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX clsid access (web-client.rules)
13904 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX clsid unicode access (web-client.rules)
13905 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX function call access (web-client.rules)
13906 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 1 ActiveX function call unicode access (web-client.rules)
13907 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX clsid access (web-client.rules)
13908 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX clsid unicode access (web-client.rules)
13909 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX function call access (web-client.rules)
13910 <-> WEB-CLIENT Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access (web-client.rules)
13948 <-> DNS large number of NXDOMAIN replies - possible DNS cache poisoning (dns.rules)
13949 <-> DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (dns.rules)