[Snort-sigs] Snort: Signature database question

Bhuvaneswari Ramkumar ramkumar at ...3325...
Sun Nov 25 21:45:54 EST 2007


Thank you!
I did have a look at the rules file and I didn't know that the rules were its
signatures.
What I was looking for as a signature of a malware was its unique
byte-pattern or hex signature of a string of bytes which occurs in every
(non-polymorphic) instance of the malware.
I guess I have to look around for something on those lines now.

Thanks
Bhuvana


On 11/25/07, Joel Esler <joel.esler at ...435...> wrote:
>
> Take a look at the spyware-put.rules, that will be a good start for you.
>
> Joel
>
> On Nov 24, 2007, at 7:14 PM, Bhuvaneswari Ramkumar wrote:
>
> > Hello All,
> >
> > I'm a newbie to SNORT and am researching on signature detection in
> > malware.
> > I'm interested in looking at a signature database for viruses and
> > worms.
> > I have some issues with Snort installation for Windows.
> >
> > While I settle that ... could one of you tell me if Snort does have
> > a signature database for malware?
> > If so, where can I find it .... or does it depend on successful
> > installation of Snort itself?
> >
> > Could someone help me with this?
> >
> > Thanks
> > Bhuvana
> >
> >
>
> > Snort-sigs mailing list
> > Snort-sigs at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs