Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET [25,587] (msg:"ET MALWARE Asprox Fake Ximian Evolution X-Mailer Header (XimianEvolution1.4.6)"; flow:established,to_server; content:"X-Mailer|3a| XimianEvolution1.4.6"; fast_pattern; content:"|0d 0a|Content-Disposition|3a| attachment|3b|"; content:!"|0d 0a|Subject|3a| Undeliverable|3a|"; content:!"X-Barracuda-"; reference:url,techhelplist.com/index.php/tech-tutorials/41-misc/438-asprox-botnet-trojan-run-malware-spamming-1; reference:url,stopmalvertising.com/tag/asprox.html; classtype:trojan-activity; sid:2018336; rev:6; metadata:created_at 2014_03_31, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_17;)