[Snort-sigs] virus rules
matt at ...2436...
Tue Jan 25 19:13:03 EST 2005
I think that was intended to be a call for volunteers to do the
maintaining. :) If you're interested there's always room for help.
The most recent sigs are on bleedingsnort.com, but don't consider it
complete. if you'd like to contribute we'd welcome the new sigs. But ids
signatures really aren't an effective AV tool.
If you really want to get AV via snort look into the clamav snort
preprocessor, very effective if you can run snort on a blocking device.
John Hally wrote:
>Actually, I'm using IDS policy Manager, and under the Virus Rules, it says
>to send email to snort-sigs if you want to update these rules. I found this
>a little strange, but figured I'd give it a shot.
>"NOTE: These rules are NOT being actively maintained. If you would like to
>update these rules, e-mail snort-sigs at lists.sourceforge.net"
More information about the Snort-sigs