[Snort-sigs] ack! bad virus! bad bad!

Albers, Lucas luke at ...2068...
Mon Jun 28 08:53:04 EDT 2004


 
I log to a SQL database, because I'm using the acidlab web interface.
I do not need to configure the map file?

-----Original Message-----
From: Matthew Jonkman
To: Albers, Lucas
Cc: 'snort-sigs mailinglist '
Sent: 6/28/2004 8:59 AM
Subject: Re: [Snort-sigs] ack! bad virus! bad bad!

First off, if you're using the stock snort you don't need the map file. 
That's for using an output processor like barnyard.

I'm not a barnyard user, but my intention in putting that file in there 
was to let you append it to your existing map file.

If any barnyard users have a better way to use it we'd appreciate 
hearing about it.

Thanks

Matt

Albers, Lucas wrote:

> I configured oinkmaster to grab this, but I am unsure what settings I need
> to change to have it read the included .map file.
> How do you configure snort.conf to include a new *.map file?
> I could not see any specific information on what the syntax is for including
> a new .map file.
> I easily saw how to include a new rule file, which I've done.
> 
> information appreciated.
> 
> --Luke
> 
> -----Original Message-----
> From: Matthew Jonkman
> To: Bryan Irvine
> Cc: snort-sigs mailinglist
> Sent: 6/25/2004 5:12 PM
> Subject: Re: [Snort-sigs] ack! bad virus! bad bad!
> 
> http://www.bleedingsnort.com
> 
> Matt
> 
> Bryan Irvine wrote:
> 
> 
>>Is there any way to sniff for this?
>>
>>
> 
> http://www.informationweek.com/story/showArticle.jhtml?articleID=22102052
> 
>>I have far too many machines to go patching and modifying security
>>settings.
>>
>>--Bryan
>>
>>
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 

-- 
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
my.infotex.com
www.offsitefilter.com
--------------------------------------------
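
Added example, not part of the original thread and not code from its authors: appending a downloaded map file to an existing one can leave duplicate SIDs, so this sketch merges the two and reports collisions instead. It assumes the map file uses the Snort `sid-msg.map` layout (`sid || message || reference ...`); the function names and all sample entries are constructed for illustration.

```python
# Added example: merge a downloaded map file into an existing one by SID.
# Assumption: both files use the "sid || message || reference ..." layout.

def parse_map(text):
    """Return {sid: normalized_line} for well-formed entries only."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip malformed lines rather than corrupt the map
        entries[int(fields[0])] = " || ".join(fields)
    return entries

def merge_maps(existing_text, new_text):
    """Existing entries win on collision. Returns (merged_text, added, conflicts)."""
    merged = parse_map(existing_text)
    added, conflicts = [], []
    for sid, line in parse_map(new_text).items():
        if sid not in merged:
            merged[sid] = line
            added.append(sid)
        elif merged[sid] != line:
            conflicts.append(sid)  # same SID, different message: review by hand
    out = "\n".join(merged[s] for s in sorted(merged)) + "\n"
    return out, added, conflicts

# Constructed sample data (not real rule messages).
EXISTING = """# existing map (constructed)
1000001 || LOCAL test rule
1000002 || LOCAL second rule || url,example.invalid/two
"""
NEW = """# downloaded map (constructed)
2000001 || EXAMPLE downloaded rule || url,example.invalid/a
1000001 || LOCAL test rule renamed
1000002 || LOCAL second rule || url,example.invalid/two
not a map line
"""

if __name__ == "__main__":
    text, added, conflicts = merge_maps(EXISTING, NEW)
    print(text, end="")
    print("added:", added, "conflicts:", conflicts)
```
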

