 SNORT RULES
I am trying to define a Snort rule that will detect the word "spam" in the subject field of an email. So far I have tried:

alert tcp any any -> any 25 (content:"Spam"; nocase; msg:"Email traffic logged!";)

But this is not filtering out only the emails that I want. Any help would be much appreciated. Thanks.

ASKED: April 5, 2005  9:32 AM
UPDATED: April 5, 2005  1:54 PM

Answer Wiki:
First off, you'd probably be better off by joining the Snort users email list at sourceforge.net. Yours is a common type of question there.

Secondly, I'm curious as to what you hope to accomplish by doing this.

I use Snort myself, but my rule-writing is weak at this point.

Bob
Last Wiki Answer Submitted:  April 5, 2005  1:43 pm  by  Bobkberg   1,070 pts.
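Added example, not part of the original question or answer: a Python model of why the posted rule over-matches. The rule's content test applies to the whole port-25 payload, while the goal is a match limited to the Subject header. The function names and sample messages are constructed for illustration, and the input is assumed to be the message text sent after the SMTP DATA command.

```python
from email import message_from_bytes
from email.header import decode_header, make_header


def payload_match(data: bytes) -> bool:
    """Model of the posted rule: 'spam' anywhere in the payload, any case."""
    return b"spam" in data.lower()


def subject_match(data: bytes) -> bool:
    """'spam' in the Subject header only (folded lines joined, RFC 2047 decoded)."""
    msg = message_from_bytes(data)   # header parsing stops at the first blank line
    raw = msg.get("Subject")
    if raw is None:
        return False
    try:
        subject = str(make_header(decode_header(raw)))
    except Exception:                # malformed encoded-word: fall back to raw text
        subject = str(raw)
    return "spam" in subject.lower()


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "subject_hit": b"From: a@example.com\r\nSubject: Cheap SPAM offer\r\n\r\nhello\r\n",
    "body_only": b"From: a@example.com\r\nSubject: Lunch\r\n\r\nCheck your spam folder\r\n",
    "folded": b"Subject: weekly report on\r\n blocked Spam volume\r\n\r\nbody\r\n",
    "encoded": b"Subject: =?utf-8?b?U3BhbSBvZmZlcg==?=\r\n\r\nbody\r\n",
    "fake_header_in_body": b"Subject: Lunch\r\n\r\nSubject: spam\r\n",
}


def compare() -> dict:
    """Return {sample name: (payload_match, subject_match)} for each sample."""
    return {name: (payload_match(m), subject_match(m)) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, (anywhere, subject_only) in compare().items():
        print(f"{name:20} payload={anywhere!s:5} subject={subject_only}")
```

The "body_only" and "fake_header_in_body" samples are the false positives the question describes, and "encoded" is a subject that a plain byte match misses entirely.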

