IDS mailing list archives
snort-inline capabilities ( WAS: Re: Fortinet IDS )
From: Jason <security () brvenik com>
Date: Thu, 21 Oct 2004 14:35:33 -0400
I imagine you could easily handle that stuff. ClamAV allows for custom virus detection so even if there is no detection for the spyware you could create it. Another avenue is using the spyware rules available for snort you could create block variants. I've no experience with the spyware rules so I cannot attest to accuracy but the solution is certainly capable of it.
perhaps the inline folks would care to comment. David Puckett wrote:
Will this also prevent spyware/malware/crapware? Thanks, David -----Original Message----- From: Ryan Whalen [mailto:whalenryan () hotmail com] Sent: Tuesday, October 19, 2004 1:28 PM To: Jason; Ian Gallagher Cc: Don Draper; focus-ids () securityfocus com Subject: Re: Fortinet IDSI am using a Fortigate firewall. It inspects all traffic transparently for IDS/Virus events.I believe they used Snort for their IDS. Fortinet provides signature updates for the IDS system several times a week. We are very happy with this solution.Ryan----- Original Message ----- From: "Jason" <security () brvenik com>To: "Ian Gallagher" <cdine.org () gmail com> Cc: "Don Draper" <don () draperconsulting com>; <focus-ids () securityfocus com> Sent: Monday, October 18, 2004 6:59 PM Subject: Re: Fortinet IDSI am not sure how fortinet does it however I know snort-inline now has a clamav preprocessor that will scan for viruses in the traffic and block it if discovered. There is no proxy involved and all traffic is scanned based on a configuration you define. It is a recent development and sure to require beefy hardware but might be worth exploring for the edge points that require virus scanning. X-posting to snort-inline if they want to chime in.https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469
[...] -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Fortinet IDS Don Draper (Oct 15)
- Re: Fortinet IDS Mark Teicher (Oct 18)
- Re: Fortinet IDS Ian Gallagher (Oct 18)
- Re: Fortinet IDS Jason (Oct 19)
- Re: Fortinet IDS Ryan Whalen (Oct 21)
- Re: Fortinet IDS Ron Gula (Oct 21)
- Re: Fortinet IDS Jason (Oct 19)
- Message not available
- Re: Fortinet IDS Ian Gallagher (Oct 21)
- <Possible follow-ups>
- RE: Fortinet IDS Tom Neclerio (Oct 19)
- RE: Fortinet IDS David Puckett (Oct 21)
- snort-inline capabilities ( WAS: Re: Fortinet IDS ) Jason (Oct 21)
- RE: Fortinet IDS Michael Allgeier (Oct 21)