This is correct. This Snort signature is looking for a string match of the MIME-encoded virus. It's not looking for raw hexadecimal values. Your custom signature "should" detect the virus as an email attachment, assuming the person who submitted the signature knew what they were doing. No guarantees. Double-check the Snort pattern match with your custom signature regex to be sure.
I have a follow-up question. I'm a little new to the IDS MC. Would you add a custom string under settings => signatures => string match => add? Would I paste the line "Engine STRING.TCP SIGID 20016 AlarmThrottle FireOnce Direction ToService MinHits 1 RegexString CwEGAAAgAQAAEAAAAOAGACABCAAA8AYAABAIAAAAQAAAEAAAAAIAAAQAAAAA ResetAfterIdle 15 ServicePorts 25 ThrottleInterval 15 SigName BugBear B SMTP Worm Propagation" into the string box? Do I have to set the port to 139? If I were being attacked, would I see it in the event viewer? Can I pull a report for this custom signature so I can see who is attacking?
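Because the signature matches base64 text rather than raw bytes, it only fires when the attachment is encoded at the same 3-byte alignment and the matched text is not split by MIME line wrapping. The sketch below is an added example, not part of the thread: it decodes the quoted RegexString and checks a base64 body at all three alignments, going beyond the single case in the signature. The helper names and the sample bodies are constructed for illustration.

```python
import base64

# RegexString value copied from the signature quoted in the thread.
PAGE_REGEX = "CwEGAAAgAQAAEAAAAOAGACABCAAA8AYAABAIAAAAQAAAEAAAAAIAAAQAAAAA"

def decode_fragment(b64: str) -> bytes:
    """Raw bytes behind a base64 fragment (a trailing partial group is dropped)."""
    return base64.b64decode(b64[: len(b64) // 4 * 4])

def b64_variants(raw: bytes) -> list:
    """Base64 text that `raw` yields at file offsets 0, 1 and 2 modulo 3.

    Characters that also encode bits of neighbouring bytes are trimmed, so
    each variant appears in the encoded file whatever surrounds `raw`.
    """
    variants = []
    for shift in range(3):
        padded = b"\x00" * shift + raw
        enc = base64.b64encode(padded).decode().rstrip("=")
        start = (0, 2, 3)[shift]              # chars mixed with preceding bytes
        end = len(enc) - (1 if len(padded) % 3 else 0)  # char mixed with next byte
        variants.append(enc[start:end])
    return variants

def find_in_mime(raw: bytes, mime_body: str) -> bool:
    """True if `raw` is present in a base64 MIME body at any alignment.

    Whitespace is removed first because MIME wraps base64 at 76 characters,
    which can split the text a contiguous string match is looking for.
    """
    flat = "".join(mime_body.split())
    return any(v in flat for v in b64_variants(raw))

def mime_encode(data: bytes) -> str:
    """Constructed stand-in for an attachment body: base64 with 76-char lines."""
    return base64.encodebytes(data).decode()

if __name__ == "__main__":
    pattern = decode_fragment(PAGE_REGEX)
    print(pattern[:8].hex(" "))               # the raw bytes the string stands for
    for offset in (0, 1, 2, 30):              # constructed placements of the pattern
        body = mime_encode(b"\x00" * offset + pattern + b"tail")
        print(offset, PAGE_REGEX in body, find_in_mime(pattern, body))
```

The second column shows where the fixed string from the signature matches; the third shows the alignment-aware check over the same body.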