Snort mailing list archives
.exe
From: tarik shalo <tarikshalo () gmail com>
Date: Sat, 4 May 2013 14:46:38 +0300
Hello, I wrote the following rule to test if Snort fires when any executable files are downloaded. However, the rule is not firing for some reason. Any help or other option to accomplish the same goal, pls? alert any any -> any any (msg: ".exe found"; flow:to_server,established; content:".exe"; nocase;classtype:policy-violation;sid:10000056;rev:1; ) -Shalo
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!