Sourcefire VRT Rules Update

Date: 2009-02-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

Updated rules:
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)

New rules:
15358 <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules, High)
15359 <-> SMTP suspicious pdf file sent via email (smtp.rules, High)
15360 <-> SMTP suspicious pdf file sent via email (smtp.rules, High)
15361 <-> POLICY pdf file sent via email (policy.rules, High)
15362 <-> WEB-CLIENT obfuscated javascript excessive fromCharCode - potential attack (web-client.rules, Low)