Re: SID 19253, WEB-CLIENT Adobe Reader malicious language.engtesselate.ln file download attempt

[Joel Esler <jesler () sourcefire com>]

Shawn,

Update your rules to the ones that came out today.

Joel

On Jun 16, 2011, at 5:41 PM, Jefferson, Shawn wrote:

> Seeing a lot of false positives on this… and not in PDF files at all.  Seeing falses from news sites, in cookies, 
> etc..
>  
> --
> Shawn Jefferson, Team Lead Security and Server Services, GCIH, GCFA
> British Columbia Ferry Services Inc.
> Tel: (250) 978-1508
> Fax: (250) 405-3533
> Shawn.Jefferson () bcferries com | www.bcferries.com
>  
>  
>  
> ------------------------------------------------------------------------------
> EditLive Enterprise is the world's most technically advanced content
> authoring tool. Experience the power of Track Changes, Inline Image
> Editing and ensure content is compliant with Accessibility Checking.
> http://p.sf.net/sfu/ephox-dev2dev_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please see http://www.snort.org/docs for documentation

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation