Snort

Sourcefire VRT Rules Update

Date: 2009-07-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15727 <-> POLICY Attempted download of a PDF with embedded Flash (policy.rules, High)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)