[Emerging-Sigs] RogueAV (.BKM) Sig

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Dec 31 10:02:59 HAST 2012


Yep. Will probably do 4 sigs. Will cook something up and get into QA.
Thanks!

Regards,

Will

On Mon, Dec 31, 2012 at 12:33 PM, waldo kitty <wkitty42 at windstream.net>wrote:

> On 12/31/2012 12:52, yew chuan Ong wrote:
>
>> Hi,
>>
>> I am thinking how we can put all four URI into one signature. Appreciate
>> if
>> anyone can help.
>>
>
> the only way i know would be PCRE but what are you going to anchor the
> initial content match to?
>
> what is wrong with one sig per match? have the MSGs to be the same with a
> numerical indicator which is firing or some such?
> ______________________________**_________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.**emergingthreats.net<Emerging-sigs at lists.emergingthreats.net>
> http://lists.emergingthreats.**net/mailman/listinfo/emerging-**sigs<http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs>
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreatspro.**com <http://www.emergingthreatspro.com>
> The ONLY place to get complete premium rulesets for all versions of
> Suricata and Snort 2.4.0 through Current!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121231/41f78d58/attachment-0001.html>


More information about the Emerging-sigs mailing list