Snort mailing list archives
Re: About virus.rules
From: kenw () kmsi net
Date: Sat, 29 May 2004 23:02:11 -0600
On Mon, 17 May 2004 13:22:18 -0500, you wrote:
> On Mon, May 17, 2004 at 10:55:48AM -0400, Matt Kettler wrote:
>> At 03:43 AM 5/17/2004, etienne.causse () pierre-fabre com wrote:
>>> "# NOTE: These rules are NOT being actively maintained.
>>> # These rules are going away. We don't care about virus rules anymore."
>>>
>>> Although, I see that there are more rules than the only one listed in this file on snort.org. So my question is quite simple: why is there no support for virus rules any more?
>>
>> Simple answer: Because AFAIK nobody has volunteered to be the official maintainer of the rules.
>
> I volunteered some time ago, but never received a response. So, I can only assume I'm either worthless or they aren't looking for a maintainer :) I would hope the 2nd as they say the rules are going away and they don't care.
>
> -=Mike
I agree with your sentiment, but is there any reason "they" have to respond at all? AFAIK, if you want to maintain a rule set, and post it occasionally or put it on an ftp/web site, nobody's stopping you, and many people will be appreciative.

I nearly did it myself a while back, but got too busy. Collected a number of signatures, but it's getting out of date; haven't even browsed this list for a while.

Granted that using snort to detect email-borne viruses is probably low-value, because it will tell you little about their source. However, detecting the network activity of worms, network-propagating viruses, and trojans if possible, can be very useful, and provides information not available from protection software. In fact, for smaller sites, I suspect such detection could actually be of greater value than any of the usual IDS-related functions.

/kenw

Ken Wallewein
K&M Systems Integration
Phone (403)274-7848
Fax (403)275-4535
kenw () kmsi net
www.kmsi.net
Current thread:
- About virus.rules etienne . causse (May 17)
- Message not available
- Re: About virus.rules Matt Kettler (May 17)
- Re: About virus.rules Michael Sconzo (May 17)
- Re: About virus.rules Frank Knobbe (May 17)
- Re: About virus.rules Michael Sconzo (May 17)
- Re: About virus.rules Frank Knobbe (May 17)
- Re: About virus.rules Jason Haar (May 17)
- Re: About virus.rules Matt Kettler (May 17)
- Message not available
- Re: About virus.rules kenw (May 29)
- Re: About virus.rules Nick Hatch (May 29)