FILE-IDENTIFY -- Snort has detecte File Type indicators associated with packet data, which it will use to facilitate a flowbit, a method of stringing rules together. In a flowbit, one rule examines packets for file type indications, which it uses to switch rules pertaining to that file type from a dormant to active state in order to process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY MIDI file magic detected
This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. Impact: None. Details: This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. This rule is used by the sid(s) . Ease of Attack: NA
No information provided
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None