Snort mailing list archives
RE: Who doesn't care about virus rules, and why?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 6 Nov 2003 09:01:15 -0600
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of kenw () kmsi net Sent: Wednesday, November 05, 2003 9:45 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Who doesn't care about virus rules, and why? The header of virus.rules says:# NOTE: These rules are NOT being actively maintained.<snip># These rules are going away. We don't care about virusrules anymore. Who are "we", and what makes them think these rules aren't important?
It's not that they aren't important. It's that no one seems to want to maintain them. Doing so requires a great deal of work, and there *are* other, better methods of doing virus detection on a network. However, it might make sense to maintain a smaller collection of the network aware worms, such as Bugbear (which is what is most likely driving your customer's printers crazy), Funlove, Qaz, Lovgate, Sobig, et. al. The problem is finding someone to do that. I'd volunteer, but it's really hard for me to get samples (because of the protections we have in place), and I really don't have the time to set up a private network, infect a goat and capture its traffic so the signatures can be done right. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Who doesn't care about virus rules, and why? Williams Jon (Nov 06)
- Re: Who doesn't care about virus rules, and why? Iain Hallam (Nov 06)
- Re: Who doesn't care about virus rules, and why? Snortty (Nov 06)
- RE: Who doesn't care about virus rules, and why? Jason Haar (Nov 06)
- <Possible follow-ups>
- RE: Who doesn't care about virus rules, and why? Schmehl, Paul L (Nov 06)
- Re: Who doesn't care about virus rules, and why? kenw (Nov 06)
- RE: Who doesn't care about virus rules, and why? Williams Jon (Nov 06)
- Re: Who doesn't care about virus rules, and why? Iain Hallam (Nov 06)