November 2nd, 2011

This release adds and modifies rules in several categories.


The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, chat, deleted, dos, exploit, file-identify, ftp, misc, multimedia, policy, specific-threats, spyware-put, web-activex and web-misc rule sets to provide coverage for emerging threats from these technologies.

This release introduces the file-identify.rules category. The purpose of this category is to standardize the structure of rules that set a flowbit used to identify file download activity. A new port variable, FILE_DATA_PORTS, accompanies this category and contains the list of ports these rules use to identify the download of file types.
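The sketch below is an added illustration, not a rule from the VRT release: a flowbit-setting rule of the kind this category standardizes, paired with a rule that consumes the flowbit. The port list, flowbit name, message text and SIDs (taken from the local-rule range) are constructed assumptions, and the shipped value of FILE_DATA_PORTS is not given on this page.

```snort
# Constructed port list for illustration; use the value from the shipped snort.conf.
portvar FILE_DATA_PORTS [80,110,143]

# Setter: tags the flow when a PDF header arrives from a server on a file-data port.
# flowbits:noalert keeps this rule silent; it exists only to record the file type.
alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"LOCAL file-identify PDF download"; flow:to_client,established; content:"%PDF-"; flowbits:set,local.file.pdf; flowbits:noalert; classtype:misc-activity; sid:1000001; rev:1;)

# Consumer: fires only on flows the setter has already tagged, so the content
# match is not evaluated against unrelated traffic on the same ports.
alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"LOCAL PDF download containing JavaScript object"; flow:to_client,established; flowbits:isset,local.file.pdf; content:"/JavaScript"; nocase; classtype:policy-violation; sid:1000002; rev:1;)
```

If a setter rule is disabled or its category is not loaded, every rule that checks its flowbit stops matching, so both halves must be enabled together when tuning.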