Sourcefire VRT Rules Update
Date: 2009-07-01
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules: 15575 <-> WEB-CLIENT WordPerfect file download (web-client.rules, Low) 15576 <-> CHAT MSN Messenger web client login (chat.rules, High) 15577 <-> CHAT MSN Messenger web client activity (chat.rules, High) 15578 <-> SPECIFIC-THREATS Slowloris http DoS tool (specific-threats.rules, Medium) 15579 <-> SPECIFIC-THREATS Squid NTLM fakeauth_auth Helper denial of service attempt (specific-threats.rules, Medium) 15580 <-> SPECIFIC-THREATS Squid oversized reply header handling exploit attempt (specific-threats.rules, Medium) 15581 <-> NETBIOS Samba wildcard filename matching denial of service attempt (netbios.rules, Medium) 15582 <-> WEB-MISC ARJ format file download attempt (web-misc.rules, Low) 15583 <-> WEB-CLIENT F-Secure AntiVirus library heap overflow attempt (web-client.rules, High)
