[Snort-users] Block

Paul Schmehl pauls at ...6838...
Mon Feb 16 14:28:01 EST 2004


--On Monday, February 16, 2004 1:48 PM -0500 Matt Kettler 
<mkettler at ...4108...> wrote:

> At 11:16 AM 2/16/2004,
> Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco at ...11223... wrote:
>> Hi I would like to know if with snort or some plug I can block attacks or
>> virus
>
> For viruses, I'd really recommend NOT using snort to control these...
> install a copy of clamav or some other virus scanner on your SMTP gateway
> and make all mail go through it.
>
I would like to add a caution to this.  If you are going to use clamav, do 
not depend on it as your only gateway defense.  Use it as part of a more 
complete strategy.  Recent testing by an authoritative source shows that 
clamav only catches about 50% of the in-the-wild viruses.  (This is really 
off topic for snort, so if you want to discuss the details, email me off 
list.)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list