Sourcefire VRT Rules Update

Date: 2013-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.5.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:27946 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kitchenwalla.com (blacklist.rules)
 * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules)

Modified Rules:


 * 1:22077 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules)
 * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
 * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules)
 * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
 * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules)