alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET CURRENT_EVENTS FedEX? Spam Inbound"; flow:established,to_server; content:"name=|22|FEDEX"; nocase; content:".zip|22|"; within:47; nocase; pcre:"/name=\x22FEDEX(\s|_|\-)?[a-z0-9\-_\.\s]{0,42}\.zip\x22/i"; classtype:trojan-activity; sid:2014827; rev:2;)

Added 2012-05-30 18:24:15 UTC


Topic revision: r1 - 2012-05-30 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats