Versions (4)
Version Details (Current)
Rev: 8 • Jul 30, 2010, 12:00 PM
ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file)"; flow:established,to_client; http.content_type; content:"application|2f|octet-stream"; startswith; http.response_body; content:"|52 61 72 21|"; startswith; fast_pattern; content:!"|1a 07|"; within:2; reference:url,en.wikipedia.org/wiki/RAR_(file_format); classtype:bad-unknown; sid:2008782; rev:8; metadata:attack_target Client_and_Server, created_at 2010_07_30, deployment Perimeter, deprecation_reason Age, confidence Low, signature_severity Minor, updated_at 2024_05_02, reviewed_at 2024_05_02; target:dest_ip;)
Jul 30, 2010, 12:00 PM
May 2, 2024, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 13, 2024, 3:01 PM
rules/emerging-policy.rules