Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2169 |
| Message | VIRUS OUTBOUND .dll file attachment |
| Summary | This event is generated when a possible outgoing virus is detected. |
| Impact | Informational event. An virus on an infected host may be attempting to propogate. |
| Detailed Information | This event indicates that an outgoing email message possibly containing a virus has been detected. This rule generates an event when a filename extension commonly used by viruses is detected. |
| Affected Systems | Any host. |
| Attack Scenarios | This is indicative of a virus infection. |
| Ease of Attack | Simple. |
| Corrective Action | Check the host for signs of virus infection. |
| Additional References |
--
DID:712391
--
http://www.aanval.com/