Re: [ossec-list] Re: windows malware detection

2016-03-15 Thread 林威任
This code is my win_malware_rcl.txt:

[Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851]
f:C:\Users\agent05\AppData\Local\Temp\AcroRD32.exe;

r:HKEY_USERS\S-1-5-21-3463664321-2923530833-3546627382-1000\Software\Microsoft\Windows\CurrentVersion\Run -> Acroread -> r:AcroRD32.exe;
p:r:AcroRD32.exe;

Thank you

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

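Added example, not part of the original post or of OSSEC: a small Python linter for rootcheck rcl entries like the one posted above. It assumes the `[name] [any|all] [reference]` header and `f:`/`r:`/`p:`/`d:` entry layout described in the comments of OSSEC's stock rcl files, and it flags trailing whitespace after the header's last `]` because the value quoted in the agent's `Invalid rk configuration value` error in this thread ends in a space; whether that is what rootcheck rejected is an assumption the thread does not confirm.

```python
import re

# Header layout assumed from the comments in OSSEC's stock rcl files:
#   [Application name] [any or all] [reference]
HEADER_RE = re.compile(r"^\[([^\]]+)\] \[([^\]]+)\] \[([^\]]*)\]$")
CONDITIONS = {"any", "all", "any required", "all required"}  # assumption
ENTRY_TYPES = {"f", "r", "p", "d"}  # file, registry, process, directory


def lint_rcl(text):
    """Return a list of (line_number, message) findings for rcl text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip(" \t")
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        if line.startswith("["):
            if line != line.rstrip():
                findings.append((number, "header has trailing whitespace after ']'"))
                line = line.rstrip()
            match = HEADER_RE.match(line)
            if not match:
                findings.append((number, "header is not '[name] [condition] [reference]'"))
            elif match.group(2) not in CONDITIONS:
                findings.append((number, "unknown condition %r" % match.group(2)))
            continue
        entry = line.rstrip()
        if entry[:1] not in ENTRY_TYPES or entry[1:2] != ":":
            findings.append((number, "entry does not start with f:, r:, p: or d:"))
        if not entry.endswith(";"):
            findings.append((number, "entry does not end with ';'"))
    return findings


# Constructed sample: the entry posted above, with the trailing space that
# appears inside the quotes of the agent's error message.
SAMPLE = (
    "[Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851] \n"
    "f:C:\\Users\\agent05\\AppData\\Local\\Temp\\AcroRD32.exe;\n"
    "r:HKEY_USERS\\S-1-5-21-3463664321-2923530833-3546627382-1000\\Software"
    "\\Microsoft\\Windows\\CurrentVersion\\Run -> Acroread -> r:AcroRD32.exe;\n"
    "p:r:AcroRD32.exe;\n"
)

if __name__ == "__main__":
    for number, message in lint_rcl(SAMPLE):
        print("line %d: %s" % (number, message))
```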

Re: [ossec-list] Re: windows malware detection

2016-03-15 Thread Santiago Bassett
Where are you including the configuration? That should go in the file:

/var/ossec/etc/shared/win_malware_rcl.txt

Please paste the contents of that file.

Thank you

On Mon, Mar 14, 2016 at 11:12 PM, 林威任  wrote:

> Sorry, this email is Google Apps for Education.
> About my email, I use Hangouts to send you, is it ok?
> And, this is my agent's log file:
> 016/03/15 14:07:44 ossec-agent: INFO: Started (pid: 3760).
> 2016/03/15 14:07:45 ossec-agent(4102): INFO: Connected to the server (192.168.164.142:1514).
> 2016/03/15 14:07:45 ossec-agent: INFO: System is Vista or newer (Microsoft
> Windows 7 Ultimate Edition Professional Service Pack 1 (Build 7601) - OSSEC
> HIDS v2.8.3).
> 2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log:
> 'Application'.
> 2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log:
> 'Security'.
> 2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log: 'System'.
> 2016/03/15 14:07:45 ossec-agent: INFO: Started (pid: 3760).
> 2016/03/15 14:08:44 ossec-agent: INFO: Starting syscheck scan (forwarding
> database).
> 2016/03/15 14:08:44 ossec-agent: INFO: Starting syscheck database
> (pre-scan).
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\boot.ini': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/CONFIG.NT': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/AUTOEXEC.NT': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/debug.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/drwatson.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/drwtsn32.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/edlin.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/eventtriggers.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/rcp.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/rexec.exe': No such file or directory
> 2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/rsh.exe': No such file or directory
> 2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/telnet.exe': No such file or directory
> 2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/tftp.exe': No such file or directory
> 2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory:
> 'C:\Windows/System32/tlntsvr.exe': No such file or directory
> 2016/03/15 14:08:46 ossec-agent: INFO: Initializing real time file
> monitoring (not started).
> 2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory:
> 'C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup': No such
> file or directory
> 2016/03/15 14:08:46 ossec-agent: INFO: Real time file monitoring started.
> 2016/03/15 14:08:46 ossec-agent: INFO: Finished creating syscheck database
> (pre-scan completed).
> 2016/03/15 14:08:56 ossec-agent: INFO: Ending syscheck scan (forwarding
> database).
> 2016/03/15 14:09:16 ossec-agent: INFO: Starting rootcheck scan.
> 2016/03/15 14:09:16 ossec-agent(1252): ERROR: Invalid rk configuration
> value: '[Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851] '.
> 2016/03/15 14:09:22 ossec-agent: INFO: Ending rootcheck scan.


Re: [ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Eero Volotinen
Well. You must be joking. Get one.

--
Eero

2016-03-15 18:44 GMT+02:00 Aymen Belkhiria :

> The issue is that I don't have a test environment.
>
> BR
>
> On Tuesday, March 15, 2016 at 2:15:50 PM UTC+1, Eero Volotinen wrote:
>>
>> Compile on test host and copy binaries to production host..
>>
>> Eero
>> On 15.3.2016 at 3.04 PM, "Aymen Belkhiria" wrote:
>>
>>> Hi there,

>>>
>>> I have to install ossec on AIX 5.3. Do you have the recompiled ossec
>>> agent version? Were you able to compile it?
>>> The issue is that the server is on production and the client doesn't
>>> accept to install gcc on it.
>>>
>>> Please advise?
>>>


Re: [ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Aymen Belkhiria
The issue is that I don't have a test environment.

BR 

On Tuesday, March 15, 2016 at 2:15:50 PM UTC+1, Eero Volotinen wrote:
>
> Compile on test host and copy binaries to production host.. 
>
> Eero
> On 15.3.2016 at 3.04 PM, "Aymen Belkhiria" wrote:
>
>> Hi there,
>>>
>>
>> I have to install ossec on AIX 5.3. Do you have the recompiled ossec agent
>> version? Were you able to compile it?
>> The issue is that the server is on production and the client doesn't 
>> accept to install gcc on it.
>>
>> Please advise?
>>


[ossec-list] Re: Rule for 'Incorrectly formated message from x.x.x.x'

2016-03-15 Thread Jesus Linares
Hi,

Add ossec.log to your ossec.conf using . Then, you need to
create decoders and rules for those events.

Regards,
Jesus Linares.

On Tuesday, March 15, 2016 at 1:20:33 PM UTC+1, Matthias Fraidl wrote:
>
> Hi list,
>
>  
>
> Is there a way (or has anyone implemented it already) to let ossec
> have a look at its own logfile (ossec.log) and to write/activate a rule to
> get alerted if an ERROR like "Incorrectly formated message from x.x.x.x"
> occurs?
>
>  
>
> Best regards,
>
> Matthias
>



Re: [ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Eero Volotinen
Compile on test host and copy binaries to production host..

Eero
On 15.3.2016 at 3.04 PM, "Aymen Belkhiria" wrote:

> Hi there,
>>
>
> I have to install ossec on AIX 5.3. Do you have the recompiled ossec agent
> version? Were you able to compile it?
> The issue is that the server is on production and the client doesn't
> accept to install gcc on it.
>
> Please advise?
>


[ossec-list] Re: OSSEC compilation error on 5.3 AIX

2016-03-15 Thread Aymen Belkhiria

>
> Hi there,
>

I have to install ossec on AIX 5.3. Do you have the recompiled ossec agent
version? Were you able to compile it?
The issue is that the server is on production and the client doesn't accept 
to install gcc on it.

Please advise?



[ossec-list] Rule for 'Incorrectly formated message from x.x.x.x'

2016-03-15 Thread Matthias Fraidl


Hi list,

 

Is there a way (or has anyone implemented it already) to let ossec
have a look at its own logfile (ossec.log) and to write/activate a rule to
get alerted if an ERROR like "Incorrectly formated message from x.x.x.x"
occurs?

 

Best regards,

Matthias



Re: [ossec-list] Need a "decoder ring" for OSSEC

2016-03-15 Thread dan (ddp)
On Tue, Mar 15, 2016 at 7:07 AM, Johnny InfoSec
 wrote:
> Thanks Dan,
>
> As far as the log portion goes; can you make any sense of this? These are
> from other shellshock exploit attempt alerts. What exactly is going on here?
>
> 20:22:37.287 -0500  191.101.6.217 "-" POST "-" "-"
> /cgi-sys/defaultwebpage.cgi () { _; OpenVAS; } >_[$($())] {  echo
> Content-Type: text/plain; echo; echo; PATH=/usr/bin:/usr/local/bin:/bin;
> export PATH; id;
>
> 2016-03-14 20:22:40.566 -0500  191.101.6.217 "-" GET "-" "-"
> /cgi-sys/FormMail-clone.cgi () { OpenVAS:; }; echo Content-Type: text/plain;
> echo; echo; PATH=/usr/bin:/usr/local/bin:/bin; export PATH; id;
>

It looks like OpenVAS (a vulnerability scanner) is trying to execute
the `id` command through either defaultwebpage.cgi or
FormMail-clone.cgi. The "PATH=/usr/bin:/usr/local/bin:/bin; export
PATH; id" bit sets the path for the shell (if it's shellshock I guess
they expect bash to be the shell), and executes the id command.
I believe the attempts are coming from 191.101.6.217.
The first is attempting an HTTP POST, the second an HTTP GET.

> I really appreciate your help. This is all new to me.
>
> J~
>
>
> On Thursday, March 10, 2016 at 4:36:09 AM UTC-6, dan (ddpbsd) wrote:
>>
>>
>> On Mar 10, 2016 5:32 AM, "Johnny InfoSec"  wrote:
>> >
>> > Greetings,
>> >
>> > As a new OSSEC user, I have found some of the alerts difficult to make
>> > sense of. Is there any documentation (or decoder ring :-)) that helps with
>> > this?
>> >
>> > Trying to make sense of some of the different sections in the below
>> > alert:
>> >
>> > OSSEC HIDS Notification.
>> >
>>
>> This is the subject.
>>
>> > 2016 Mar 08 21:00:02
>> >
>> >
>>
>> Timestamp
>>
>> >
>> > Received From: .log
>> >
>>
>> Where the log triggering the alert originated.
>>
>> > Rule: 100032 fired (level 13) -> "Shellshock Exploit Attempt"
>> >
>>
>> The rule ID, level, and description.
>>
>> > Portion of the log(s):
>> >
>> >
>> >
>> > Mar  8 21:00:01 ??? WAF src= spt=13006 dst=??? dpt=443 actionTaken=CLOAK
>> > attackDescription=UNRECOGNIZED_COOKIE attackDetails=[Cookie\="echo"
>> > Service-created\="211 days back" Reason\="No valid encrypted pair"]
>> > attackGroup=ATTACK_CATEGORY_SESSION_TAMPER attackId=29030 logType=WF
>> > app=HTTPS request=.net/ requestMethod=GET rt=1457492380066
>> > userAgent="User-Agent: () { :;}; echo; echo "QPZVGMTHKAYNGZV"  " referer=()
>> > { :;}; echo; echo "QPZVGMTHKAYNGZV"
>> >
>>
>> The log that triggered the alert.
>>
>> >
>> > If someone could help me break this alert down (i.e. each section/label)
>> > that would be much appreciated.
>> >
>> >
>> > J~
>> >

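The reading of the two request log lines given in the reply above, as an added example that is not part of the original message: a Python check that flags the `() {` function-definition prefix in a log line and extracts the source address, HTTP method, CGI path and the final command the request tries to run. The first two sample lines are copied from the thread with line wraps joined, the third is constructed, and the field layout is inferred from those lines only.

```python
import re

MARKER = re.compile(r"\(\)\s*\{")   # "() {": bash function-definition prefix
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
METHOD = re.compile(r"\b(GET|POST|HEAD|PUT|DELETE|OPTIONS)\b")
PATH = re.compile(r"(?<!\S)(/\S+)")  # first whitespace-delimited token starting with "/"


def analyze(line):
    """Return request details if the line carries a '() {' prefix, else None."""
    marker = MARKER.search(line)
    if marker is None:
        return None
    head, tail = line[:marker.start()], line[marker.end():]
    src, method, path = IPV4.search(head), METHOD.search(head), PATH.search(head)
    # Everything after the prefix is what the sender hoped a vulnerable bash
    # would run; split it on ';' to list the individual shell statements.
    statements = [s.strip() for s in tail.split(";") if s.strip()]
    return {
        "src": src.group(0) if src else None,
        "method": method.group(1) if method else None,
        "path": path.group(1) if path else None,
        "sets_path": any(s.startswith("PATH=") for s in statements),
        "last_command": statements[-1] if statements else None,
    }


def summarize(lines):
    """Map each source address to the sorted HTTP methods it probed with."""
    seen = {}
    for line in lines:
        hit = analyze(line)
        if hit and hit["src"]:
            seen.setdefault(hit["src"], set()).add(hit["method"] or "?")
    return {src: sorted(methods) for src, methods in seen.items()}


SAMPLE_LINES = [
    # Copied from the thread (wrapped lines joined).
    '20:22:37.287 -0500  191.101.6.217 "-" POST "-" "-" '
    '/cgi-sys/defaultwebpage.cgi () { _; OpenVAS; } >_[$($())] {  echo '
    'Content-Type: text/plain; echo; echo; PATH=/usr/bin:/usr/local/bin:/bin; '
    'export PATH; id;',
    '2016-03-14 20:22:40.566 -0500  191.101.6.217 "-" GET "-" "-" '
    '/cgi-sys/FormMail-clone.cgi () { OpenVAS:; }; echo Content-Type: text/plain; '
    'echo; echo; PATH=/usr/bin:/usr/local/bin:/bin; export PATH; id;',
    # Constructed benign request for contrast.
    '2016-03-14 20:23:01.000 -0500  192.0.2.10 "-" GET "-" "-" /index.html',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(analyze(sample))
    print(summarize(SAMPLE_LINES))
```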


Re: [ossec-list] Need a "decoder ring" for OSSEC

2016-03-15 Thread Johnny InfoSec
Thanks Dan,

As far as the log portion goes; can you make any sense of this? These are 
from other shellshock exploit attempt alerts. What exactly is going on here?

20:22:37.287 -0500  191.101.6.217 "-" POST "-" "-" 
/cgi-sys/defaultwebpage.cgi () { _; OpenVAS; } >_[$($())] {  echo 
Content-Type: text/plain; echo; echo; PATH=/usr/bin:/usr/local/bin:/bin; 
export PATH; id; 

2016-03-14 20:22:40.566 -0500  191.101.6.217 "-" GET "-" "-" 
/cgi-sys/FormMail-clone.cgi () { OpenVAS:; }; echo Content-Type: 
text/plain; echo; echo; PATH=/usr/bin:/usr/local/bin:/bin; export PATH; id; 

I really appreciate your help. This is all new to me.

J~


On Thursday, March 10, 2016 at 4:36:09 AM UTC-6, dan (ddpbsd) wrote:
>
>
> On Mar 10, 2016 5:32 AM, "Johnny InfoSec"  > wrote:
> >
> > Greetings,
> >
> > As a new OSSEC user, I have found some of the alerts difficult to make
> sense of. Is there any documentation (or decoder ring :-)) that helps with 
> this?
> >
> > Trying to make sense of some of the different sections in the below 
> alert:
> >
> > OSSEC HIDS Notification.
> >
>
> This is the subject.
>
> > 2016 Mar 08 21:00:02
> >
> > 
>
> Timestamp
>
> >
> > Received From: .log
> >
>
> Where the log triggering the alert originated. 
>
> > Rule: 100032 fired (level 13) -> "Shellshock Exploit Attempt"
> >
>
> The rule ID, level, and description.
>
> > Portion of the log(s):
> >
> >  
> >
> > Mar  8 21:00:01 ??? WAF src= spt=13006 dst=??? dpt=443 actionTaken=CLOAK 
> attackDescription=UNRECOGNIZED_COOKIE attackDetails=[Cookie\="echo" 
> Service-created\="211 days back" Reason\="No valid encrypted pair"] 
> attackGroup=ATTACK_CATEGORY_SESSION_TAMPER attackId=29030 logType=WF 
> app=HTTPS request=.net/ requestMethod=GET rt=1457492380066  
> userAgent="User-Agent: () { :;}; echo; echo "QPZVGMTHKAYNGZV"  " referer=() 
> { :;}; echo; echo "QPZVGMTHKAYNGZV"
> >
>
> The log that triggered the alert.
>
> >
> > If someone could help me break this alert down (i.e. each section/label) 
> that would be much appreciated.
> >
> >
> > J~
> >


Re: [ossec-list] Re: windows malware detection

2016-03-15 Thread 林威任
Sorry, this email is Google Apps for Education.
About my email, I use Hangouts to send you, is it ok?
And, this is my agent's log file:
016/03/15 14:07:44 ossec-agent: INFO: Started (pid: 3760).
2016/03/15 14:07:45 ossec-agent(4102): INFO: Connected to the server (192.168.164.142:1514).
2016/03/15 14:07:45 ossec-agent: INFO: System is Vista or newer (Microsoft 
Windows 7 Ultimate Edition Professional Service Pack 1 (Build 7601) - OSSEC 
HIDS v2.8.3).
2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log: 
'Application'.
2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log: 
'Security'.
2016/03/15 14:07:45 ossec-agent(1951): INFO: Analyzing event log: 'System'.
2016/03/15 14:07:45 ossec-agent: INFO: Started (pid: 3760).
2016/03/15 14:08:44 ossec-agent: INFO: Starting syscheck scan (forwarding 
database).
2016/03/15 14:08:44 ossec-agent: INFO: Starting syscheck database 
(pre-scan).
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\boot.ini': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/CONFIG.NT': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/AUTOEXEC.NT': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/debug.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/drwatson.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/drwtsn32.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/edlin.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/eventtriggers.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/rcp.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/rexec.exe': No such file or directory 
2016/03/15 14:08:44 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/rsh.exe': No such file or directory 
2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/telnet.exe': No such file or directory 
2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/tftp.exe': No such file or directory 
2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory: 
'C:\Windows/System32/tlntsvr.exe': No such file or directory 
2016/03/15 14:08:46 ossec-agent: INFO: Initializing real time file 
monitoring (not started).
2016/03/15 14:08:46 ossec-agent: WARN: Error opening directory: 
'C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup': No such 
file or directory 
2016/03/15 14:08:46 ossec-agent: INFO: Real time file monitoring started.
2016/03/15 14:08:46 ossec-agent: INFO: Finished creating syscheck database 
(pre-scan completed).
2016/03/15 14:08:56 ossec-agent: INFO: Ending syscheck scan (forwarding 
database).
2016/03/15 14:09:16 ossec-agent: INFO: Starting rootcheck scan.
2016/03/15 14:09:16 ossec-agent(1252): ERROR: Invalid rk configuration 
value: '[Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851] '.
2016/03/15 14:09:22 ossec-agent: INFO: Ending rootcheck scan.
