Sourcefire VRT Update

Date: 2006-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

 Updated rules:
 5321 - VIRUS Possible Sober virus set one NTP time check attempt (virus.rules)
 5322 - VIRUS Possible Sober virus set two NTP time check attempt (virus.rules)
 5323 - VIRUS Possible Sober virus set three NTP time check attempt (virus.rules)
 
 New rules:
 2519 - DELETED SMTP Client_Hello overflow attempt (deleted.rules)
 2538 - DELETED SMTP SSLv3 Client_Hello request (deleted.rules)
 2539 - DELETED SMTP SSLv3 Server_Hello request (deleted.rules)
 2540 - DELETED SMTP SSLv3 invalid Client_Hello attempt (deleted.rules)
 3060 - DELETED WEB-MISC TLS1 Client_Hello with pad via SSLv2 handshake request (deleted.rules)
 5320 - VIRUS Possible Sober virus set one call home attempt (virus.rules)
 5324 - VIRUS Possible Sober virus set two call home attempt (virus.rules)