[Snort-users] Sort inline virus prevention
mkettler at ...4108...
Mon Sep 22 08:30:02 EDT 2003
At 07:24 PM 9/20/2003, mike evans wrote:
>soon after a virus outbreak do signatures get updated
>usually? Would you recommend snort for what I'm
>trying to do or should I look elsewhere?
The snort "virus" signatures don't have any official maintainer, thus they
are not updated with any due speed after a virus is released.
Technically speaking, viruses are not really the point of snort. It's an
intrusion sensor, not a virus scanner.
There's lots of effective virus scanners out there, including free software
like clamav. Now, admittedly I don't know how to make a virus scanner handle
http and ftp downloads network-wide, but a simple client side scanner works
VERY well for this kind of thing.
For email, it's quite easy to install something like MailScanner,
amavisd-new, or other similar tools on your mailserver to scan all inbound
email messages. If you set up your firewall to disallow clients attempting
to connect to outside SMTP servers, and force them to send via your
mailserver, you can also ensure scanning of outbound email.