ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 2098
VIRUS OUTBOUND bad file attachment
Threat Level: Information
Signature Description: This event may indicate a possible virus infection of a host on the protected network. Viruses
may propagate in many different ways. Many arrive in the form of email attachments that an unsuspecting user may
trigger by opening the attachment. Once a host is infected, many viruses can use it as a means of
spreading copies of themselves to other machines on the protected and external networks.
Signature ID: 2200
CSM Mailserver HELO Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0042 Bugtraq: 895
Signature Description: CSM Mailserver has an unchecked buffer in the code that handles the HELO command, which
makes it vulnerable to a buffer overflow. This rule triggers when an attacker sends a long HELO command
(above 120000 bytes). Successful exploitation of this issue allows an attacker to crash the system, execute
arbitrary code, or cause a denial of service. No remedy available as of October, 2008.
Signature ID: 2201
VIRUS Klez Incoming
Threat Level: Warning
Signature Description: This W32/Klez variant has the ability to spoof the email 'FROM:' field. The sender's address
used by the virus may be one that was found on the infected user's system. It may appear that you have received this
virus from one person, when it was actually sent from a different user's system. Viewing the entire email header will
display the actual sender's address. This worm makes use of the "Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment" vulnerability in Microsoft Internet Explorer. This worm arrives in an email message with a subject and
body randomly composed from a rather long pool of strings that the virus carries inside itself. The virus can also add
other strings. The vulnerable versions are Microsoft Internet Explorer 5.01 or 5.5 without SP2.
Signature ID: 2202
Remote Pine denial of service
Threat Level: Information
Industry ID: CVE-2002-1320
Bugtraq: 6120
Signature Description: Pine is a Program for Internet News & Email, a tool for reading, sending, and managing
electronic messages. Pine was developed by UW Technology at the University of Washington. Pine 4.44 and earlier
versions are vulnerable to a denial of service attack. By sending an email message with a specially crafted sender address
in the "From:" message header, a remote attacker could overflow a buffer and cause Pine to crash. These versions fail to
parse the address correctly, resulting in a core dump. Execution of arbitrary code may be possible. The message must be
manually removed from the message spool.
Signature ID: 2203
SMTP AUTH LOGON brute force attempt Vulnerability
Threat Level: Information
Signature Description: Brute force is a trial and error method used by application programs to decode encrypted data
such as passwords or Data Encryption Standard keys. An attempt is made to log on via SMTP using brute force
methods. This rule will trigger when 'Authentication unsuccessful' is detected in a packet.