List Info

Thread: RBN codec drop sig
RBN codec drop sig
country flaguser name
United States		 2007-12-11 21:13:46 
I'm testing a simple sig for Firefox Firekeeper for
use on my kids computers.  The allowed syntax is
slightly different:

drop(url_re:"/.codec$|.exe$/i";
reference:url,www.bleedingthreats.net;)

On my LAN, it silently drops many of the RBN fake
codec malware files.  Can any of you test this to
validate that it is not one of my other security
applications doing the dropping?

Thank you,

James

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/
mailman/listinfo/bleeding-sigs
Re: RBN codec drop sig
country flaguser name
United States		 2007-12-12 22:13:35 
James,
You attempting to drop all files with the extensions: EXE or
CODEC, is
that right?
I'll get around to testing this before the end of the week
and let you
know how it goes.

Blake



Jim McQuaid wrote:
> I'm testing a simple sig for Firefox Firekeeper for
> use on my kids computers.  The allowed syntax is
> slightly different:
>
> drop(url_re:"/.codec$|.exe$/i";
> reference:url,www.bleedingthreats.net;)
>
> On my LAN, it silently drops many of the RBN fake
> codec malware files.  Can any of you test this to
> validate that it is not one of my other security
> applications doing the dropping?
>
> Thank you,
>
> James
>   

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/
mailman/listinfo/bleeding-sigs
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )