Spyware and Web-Client Additions
April 2nd, 2008
The Sourcefire VRT has added multiple rules in the spyware-put and web-client categories to provide coverage for emerging spyware and ActiveX control threats.
As a result of ongoing research, the Sourcefire VRT has added multiple rules to the spyware-put and web-client rule sets to provide coverage for emerging threats from these technologies.
This release also contains an updated detection engine for the Sourcefire 3D System that includes the following features:
* A web interface for the DNS preprocessor that provides an alternative to the previous command line interface. This feature requires Version 4.7 or greater Sourcefire 3D System software.
* Detection support for GRE.
* Detection support for IP tunneling, for example, of IPv4 directly over IPv4.
* A CVS preprocessor that enables a rule keyword to test CVS traffic for malformed CVS entries which might be used by an attacker to force a heap overflow and execute malicious code on a CVS server.
For Assistance
- Visit the Sourcefire Customer Support site at https://support.sourcefire.com.
- Email Sourcefire Customer Support at support@sourcefire.com.
- Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.