Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Block

From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 16 Feb 2004 16:23:18 -0600
--On Monday, February 16, 2004 1:48 PM -0500 Matt Kettler <mkettler () evi-inc com> wrote: 


At 11:16 AM 2/16/2004,
Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco@jalisc wrote:

Hi I would like to know if with snort or some plug I can block attacks or
virus


For viruses, I'd really recommend NOT using snort to control these...
install a copy of clamav or some other virus scanner on your SMTP gateway
and make all mail go through it.
I would like to add a caution to this. If you are going to use clamav, do not depend on it as your only gateway defense. Use it as part of a more complete strategy. Recent testing by an authoritative source shows that clamav only catches about 50% of the in-the-wild viruses. (This is really off topic for snort, so if you want to discuss the details, email me off list.) 

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: