Snort mailing list archives
Re: Anti Virus Protection vs. Intrusion Detection
From: "John" <john_yu () excite com>
Date: Sat, 22 Feb 2003 22:57:13 -0500 (EST)
I understand that some viruses may be embedded in mime attachments. Does Snort do mime extraction, mime decoding, and mime decompression? Or can you define signatures for Snort to recognize that catch the same viruses without the need to do these mime extraction/decoding/decompression steps?

--- On Sat 02/22, Sean D. Ackley < sean () ackind net > wrote:
From: Sean D. Ackley [mailto: sean () ackind net]
To: john_yu () excite com
Date: Sat, 22 Feb 2003 10:32:23 -0800
Subject: Re: [Snort-users] Anti Virus Protection vs. Intrusion Detection

The very BIG thing, is Snort will not "clean" or delete the infected message. It will simply report a problem. Other than that, the snort engine can pretty much detect anything that has a signature to it.

sda.

----- Original Message -----
From: "John" <john_yu () excite com>
To: <snort-users () lists sourceforge net>
Sent: Thursday, February 20, 2003 8:39 AM
Subject: [Snort-users] Anti Virus Protection vs. Intrusion Detection
I read the thread "Anti Virus on Linux" on this group recently where a number of anti-virus software recommendations were made. Naive question. What's the difference between what Snort does with rule matching vs. what an anti-virus gateway (ala Symantec & McAfee) does with virus signature matching? I suspect Snort doesn't do MIME extraction, decoding & decompression, but what are the other differences? Are they complementary?
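The extraction, decoding and decompression steps asked about in this thread, as an added example that is not part of the original messages and does not model Snort's detection engine: a byte signature is matched against a constructed e-mail as it appears on the wire, then after MIME decoding, then after decompression. The marker string, addresses, file names and size cap are all constructed for illustration.

```python
import gzip
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Harmless constructed marker standing in for a byte signature (assumption).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_INFLATE = 1 << 20  # cap on decompressed bytes per part (assumed limit)


def build_sample_message() -> bytes:
    """Constructed e-mail: same payload attached once as-is, once gzip-packed."""
    payload = b"padding " * 16 + SIGNATURE + b" trailer"
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    # Binary attachments are base64 transfer-encoded by the email package.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="plain.bin")
    msg.add_attachment(gzip.compress(payload), maintype="application",
                       subtype="gzip", filename="packed.gz")
    return msg.as_bytes()


def raw_match(wire: bytes) -> bool:
    """Byte-pattern match over the message exactly as it crosses the wire."""
    return SIGNATURE in wire


def scan_parts(wire: bytes, decompress: bool = False) -> list:
    """Extract MIME parts, undo transfer encoding, optionally inflate gzip."""
    hits = []
    for part in message_from_bytes(wire, policy=policy.default).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if decompress and data[:2] == b"\x1f\x8b":  # gzip magic bytes
            try:
                data = zlib.decompressobj(wbits=31).decompress(data, MAX_INFLATE)
            except zlib.error:
                pass  # corrupt archive: fall back to the undecompressed bytes
        if SIGNATURE in data:
            hits.append(part.get_filename())
    return hits
```

The raw match finds nothing because base64 changes every byte of the attachment; decoding exposes the uncompressed attachment, and only the decompression pass exposes the packed one.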