cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
283
Views
0
Helpful
1
Replies

Bagle virus IDS Signatures

WAgble
Level 1
Level 1

Are the following bagle IDS signatures heuristic or string based?

S117 SIGNATURE UPDATE DETAILS

NEW FEATURES

There are no new features in this update.

NEW SIGNATURES

SIGID SIGNAME

3113.0 Email Attachment with Malicious Payload 3113.1 Email Attachment with Malicious Payload

S113 SIGNATURE UPDATE DETAILS

NEW FEATURES

There are no new features in this update.

NEW SIGNATURES

SIGID SIGNAME

3140.13 Bagle Virus Activity

Would they detect all the variants of the Bagle virus? Specifically will they detect the W32/Bagle.az(McAfee), W32.Beagle.AR@mm(Symantec)?

1 Reply 1

micballa
Level 1
Level 1

You can see what variants of the Bagle virus are covered at the following URL: http://www.cisco.com/cgi-bin/front.x/csec/getIDSInfo.pl?SIG_ID=3140&SIG_SUB_ID=0

There generally is a different subsig for each variant.