[Snort-sigs] Virus/Worms signatures ruleset

Dan Metcalf snort-dan at ...2556...
Thu Jun 17 18:21:05 EDT 2004


I'm sure that this has been covered many times before, so just please point
me in the correct direction.

I have a client that is a VERY small ISP.  They are interested in tracking
down worms and viruses within their network to aid end users in eradicating
the problems.  They of course don't have control of the end users' computer
systems, so other than running anti-virus at the mail server and blocking a
few commonly exploited ports they would like to have tools to help point
them and their users in the right direction.

Question:  Where should I look for signatures of virus & worms, and more
preferably rulesets that might help them in identifying systems with
problems?  Since the virus.rules isn't maintained I'm sure some other
parties have put together some kind of ruleset to help.

Thanks for any help.

Dan Metcalf
snort-dan at ...2556...





More information about the Snort-sigs mailing list