Snort mailing list archives
Re: Block
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 16 Feb 2004 16:46:48 -0600
On Mon, 2004-02-16 at 16:23, Paul Schmehl wrote:
I would like to add a caution to this. If you are going to use clamav, do not depend on it as your only gateway defense. Use it as part of a more complete strategy. Recent testing by an authoritative source shows that clamav only catches about 50% of the in-the-wild viruses. (This is really off topic for snort, so if you want to discuss the details, email me off list.)
Uhm, I'm not sure about that, Paul. I've heard from folks that caught new viruses with Clamav before Norton got it. Matter the fact, just recently there was a posting somewhere (I'm sure you've seen that since you are on most lists) that showed that clamav had a signature for it first. I have nothing but pleasant experience with clamav. I can't believe how well it works for being OpenSource. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Snort logging way too much Ochronus (Feb 13)
- Re: Snort logging way too much Martin Roesch (Feb 13)
- Re[2]: Snort logging way too much Ochronus (Feb 13)
- Message not available
- Re[2]: Snort logging way too much Ochronus (Feb 15)
- Block Israel_Guadalupe_Lopez_Mascorro . . /Administracion/Jalisco (Feb 16)
- Message not available
- Re: Block Matt Kettler (Feb 16)
- Re: Block Paul Schmehl (Feb 16)
- Re: Block Frank Knobbe (Feb 16)
- Re: Block Paul Schmehl (Feb 16)
- Re[2]: Snort logging way too much Ochronus (Feb 13)
- Re: Block Frank Knobbe (Feb 16)
- Re: Block Brian (Feb 16)
- Re: Block Matt Kettler (Feb 17)
- Re: Snort logging way too much Martin Roesch (Feb 13)