Snort mailing list archives
Using resp against a virus
From: "Jeremy" <prrthd () myrealbox com>
Date: Tue, 09 Jul 2002 21:39:01 +0000
Hello all, I was just curious if resp could be used to reset the connection when an email virus matches a rule. For example we get tons of Klez matches on our external snort box and I was wondering if we could use resp to reset the connection before it hits the smtp server. We do have anti-virus on the SMTP server so it does catch Klez and sanitize the email, but it would be nice to take some load off that server by reseting the connection before it even got that far. I was not sure how tearing down the connection would affect the Source SMTP server, would it keep trying to send the email or would it be stopped in its tracks. Please CC me any responses since I am not currently on this list. Thanks, Jeremy ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using resp against a virus Jeremy (Jul 09)
- Re: Using resp against a virus Michael Boman (Jul 09)
- Re: Using resp against a virus Jeff Kell (Jul 09)
- Re: Using resp against a virus -> LaBrea plugin? Frank Knobbe (Jul 09)
- Re: Using resp against a virus Jeff Kell (Jul 09)
- Re: Using resp against a virus Bennett Todd (Jul 10)
- Re: Using resp against a virus Michael Boman (Jul 09)