[Snort-users] About virus.rules
nick at ...11873...
Sat May 29 23:43:01 EDT 2004
I would be very interested in helping to maintain a list of virus rules.
Such a list would be very useful for how I use snort.
Currently I grab rules from here and there (including making my own
signatures from viral binaries), but the collection is spotty and it's
hard to get them all.
I certainly understand why this is not the most common or accepted use for
Snort; however, Snort is very useful when you're attempting to detect
infected machines which you have no direct control over.
On Sat, 29 May 2004 kenw at ...10492... wrote:
> Granted that using snort to detect email-borne viruses is probably
> low-value, because it will tell you little about their source. However,
> detecting the network activity of worms, network-propagating viruses, and
> trojans if possible, can be very useful, and provides information not
> available from protection software.
ResTek, Residential Technology Services
More information about the Snort-users