Sourcefire VRT Rules Update
Date: 2009-05-12
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15494 <-> SMTP Suspicious JBIG2 pdf file sent from email (smtp.rules, High)
15495 <-> SMTP Suspicious JBIG2 pdf file sent by email (smtp.rules, High)
15496 <-> SMTP Suspicious JBIG2 pdf file sent through email (smtp.rules, High)
15497 <-> SMTP Suspicious JBIG2 pdf file sent with email (smtp.rules, High)

Updated rules:
13950 <-> WEB-CLIENT Sun Java Web Start JNLP attribute buffer overflow attempt (web-client.rules, High)
13982 <-> WEB-CLIENT Microsoft Powerpoint file download attempt (web-client.rules, Low)
14082 <-> BACKDOOR trojan agent.aarm runtime detection - spread via spam (backdoor.rules, High)
15359 <-> SMTP Suspicious JBIG2 pdf file sent via email (smtp.rules, High)
15360 <-> SMTP Suspicious JBIG2 pdf file sent in email (smtp.rules, High)
