[Snort-sigs] virus rules

Matt Jonkman matt at ...2436...
Tue Jan 25 19:13:03 EST 2005


I think that was intended to be a call for volunteers to do the 
maintaining. :) If you're interested there's always room for help.

The most recent sigs are on bleedingsnort.com, but don't consider it 
complete. If you'd like to contribute we'd welcome the new sigs. But IDS 
signatures really aren't an effective AV tool.

If you really want to get AV via Snort look into the ClamAV Snort 
preprocessor, very effective if you can run Snort on a blocking device.

Matt

John Hally wrote:

>Actually, I'm using IDS Policy Manager, and under the Virus Rules, it says
>to send email to snort-sigs if you want to update these rules.  I found this
>a little strange, but figured I'd give it a shot.
>
>"NOTE: These rules are NOT being actively maintained.  If you would like to
>update these rules, e-mail snort-sigs at lists.sourceforge.net"
>




