Re: sircam removal

[Michael Boman <michael () ayeka dyndns org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 30 August 2001 20:01, Chris Mason wrote:
> My snort setup (1.8.1 with virus rules) runs on my firewall and detects
> virus attachments very well, but it doesn't do me much good as the user can
> open the email before I ever realise it's gone through. Is there a way to
> disable to packets containing those nasty attachments as they go through
> the firewall?

Not the firewall, but either using a SMTP mailcleaner (like AMaViS or 
procmail scripts) or enable flexresp in your snort and start hacking your own 
snort rules.

Best regards
 Michael Boman

- -- 
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at WalMart the other day that was
secure out of the box, but as it turns out that was a Nintendo.

- -- Jesper M Johansson, Ph.D. Assistant Professor of Information
   Systems at Boston University - during a SANS audio broadcast
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7ji9LjD4u/xp0yJcRApBnAJ4oc/BQPsOJA0hA58176fWhNsOCgQCeMXLm
WX8yGtFRalnFDBdBfIlK/rM=
=LbYC
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users