On Fri, September 15, 2006 4:34 pm, John D. Hardin said:
> On Fri, 15 Sep 2006, Ken A wrote:
>
>> Seems like testing for "DirectAnimation.PathControl" would be a good
>> idea.. Any thoughts on this?
>>
>> full LOCAL_09152006_0_DAY /DirectAnimation.PathControl/i
>> describe LOCAL_09152006_0_DAY DirectAnimation.PathControl object code
>> score LOCAL_09152006_0_DAY 10
>
> Methinks there should be a SARE ruleset for exploits like this, so
> that RDJ/sa-update can keep it current without a lot of effort...
>
> There might be some more context needed on that to prevent FPs; I'd
> hate to have a rule like that hide discussion of it on an exploits
> mailing list, for example.

header VIRUS_DETECTED X-Virus-Status =~ /\bYes\b/i
describe VIRUS_DETECTED Virus scanner detected a virus.
score VIRUS_DETECTED 10

;)

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
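
The false-positive concern raised in the quoted reply, shown as an added example that is not part of the original thread: the quoted rule's pattern is compared with a narrower one over constructed message bodies. The `NARROW` pattern, the sample bodies and the function names are assumptions made for illustration, not a SARE or SpamAssassin rule.

```python
import re

# Pattern taken from the rule quoted in the thread: the bare name, anywhere.
BROAD = re.compile(r"DirectAnimation.PathControl", re.I)

# Assumed narrower pattern (hypothetical): the name must appear as the
# argument of a script object constructor, i.e. where a page instantiates it.
NARROW = re.compile(
    r"""(?:new\s+ActiveXObject|CreateObject)\s*\(\s*["']"""
    r"""DirectAnimation\.PathControl["']""",
    re.I,
)

# Constructed sample message bodies (not real mail).
SAMPLES = {
    "list_discussion":
        "Has anyone written a rule for the DirectAnimation.PathControl issue?",
    "list_post_quoting_code":
        '> var o = new ActiveXObject("DirectAnimation.PathControl");',
    "html_instantiation":
        '<script>var o = new ActiveXObject("DirectAnimation.PathControl");</script>',
    "vbscript_instantiation":
        'Set o = CreateObject("directanimation.pathcontrol")',
    "unrelated":
        "Meeting moved to 3pm.",
}


def classify(body):
    """Report which of the two patterns fire on one message body."""
    return {"broad": bool(BROAD.search(body)),
            "narrow": bool(NARROW.search(body))}


def broad_only_hits(samples):
    """Names of samples the broad pattern hits and the narrow one does not."""
    hits = []
    for name, body in samples.items():
        result = classify(body)
        if result["broad"] and not result["narrow"]:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:26} {classify(body)}")
    print("broad-only hits:", broad_only_hits(SAMPLES))
```

The narrower pattern still fires on a list post that quotes the instantiation line verbatim, so added context reduces such hits without removing them.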
