Snort mailing list archives

Re: Snort Rules


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 21 Oct 2003 13:31:06 -0400

At 09:49 AM 10/21/2003, Martin Jr., D. Michael wrote:
> I have been using Snort now for only about two weeks and it has been the
> best resource in the world for identifying infected machines in our
> residence halls that have the Nachi/Welchi virus.  But, as all viruses do,
> I want to make sure that I have Snort configured with the latest rules
> to find the latest viruses.

The best places to watch for new signatures are:
        1) http://www.snort.org/dl/rules/
        2) the snort-sigs mailing list
        3) the snort-users list (ie: this list).


It should be noted, however, that snort's got a semi-maintained-at-best status for virus rules. Last I looked there's no official maintainer of the virus ruleset, so rules are added to it on a fairly haphazard basis whenever someone comes up with a decent rule and submits it.




