Snort mailing list archives

Re: About virus.rules


From: Nick Hatch <nick () kulshan restek wwu edu>
Date: Sat, 29 May 2004 23:42:06 -0700 (PDT)

I would be very interested in helping to maintain a list of virus rules.
Such a list would be very useful for how I use snort.

Currently I grab rules from here and there (including making my own
signatures from viral binaries), but the collection is spotty and it's
hard to get them all.

I certainly understand why this is not the most common or accepted use for
Snort; however, Snort is very useful when you're attempting to detect
infected machines which you have no direct control over.

-Nick Hatch

On Sat, 29 May 2004 kenw () kmsi net wrote:

Granted that using snort to detect email-borne viruses is probably
low-value, because it will tell you little about their source.  However,
detecting the network activity of worms, network-propagating viruses, and
trojans if possible, can be very useful, and provides information not
available from protection software.

--
ResTek, Residential Technology Services
http://restek.wwu.edu, x2946

