SnortExtras: src/so_rules/sid_18758/sid_18758.txt

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/so_rules/sid_18758/sid_18758.txt" (23 Sep 2020, 450 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "sid_18758.txt" see the Fossies "Dox" file reference documentation.

    1 alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
    2 (
    3     msg:"FILE-IDENTIFY Microsoft Windows Visual Basic script file download request";
    4     metadata:service http;
    5     reference:url,en.wikipedia.org/wiki/Vbs;
    6     classtype:misc-activity;
    7     sid:18758;
    8     rev:8;
    9     soid:3|18758;
   10 # everything above appears in stub
   11     flow:to_server,established;
   12     http_uri;
   13     content:".vbs", nocase;
   14     pcre:"/\x2evbs([\?\x5c\x2f]|$)/smi";
   15     so:eval;
   16 )