|
|
|||||||
| Home | Documentation | Download | Latest Rule File | Rule Database | Mailing List | Contact | ||
Rule Database ( GID24 )
| ID | GID24 |
| Revision | 1 |
| Name | WindowsExtension |
| Type | requestUriPath |
| Pattern | \.(com|exe|dll|ida)$ |
| Condition | match |
| Case Sensitive | no |
| Log | yes |
| Action | block |
| Command | %req% |
| Description | Triggers when an access to windows file extensions ( COM, EXE, DLL, or IDA ) is detected. These extensions are used by IIS worms. If you use IIS, you should not activate this rule because it may generate many false positives. ( nimda, code red, codered ) |
| Credit | Kanatoko |
| Signature |