[Snort-users] About virus.rules

Nick Hatch nick at ...11873...
Sat May 29 23:43:01 EDT 2004


I would be very interested in helping to maintain a list of virus rules.
Such a list would be very useful for how I use snort.

Currently I grab rules from here and there (including making my own
signatures from viral binaries), but the collection is spotty and it's
hard to get them all.

I certainly understand why this is not the most common or accepted use for
Snort; however, Snort is very useful when you're attempting to detect
infected machines which you have no direct control over.

-Nick Hatch

On Sat, 29 May 2004 kenw at ...10492... wrote:

> Granted that using snort to detect email-borne viruses is probably
> low-value, because it will tell you little about their source.  However,
> detecting the network activity of worms, network-propagating viruses, and
> trojans if possible, can be very useful, and provides information not
> available from protection software.

--
ResTek, Residential Technology Services
http://restek.wwu.edu, x2946



