[Snort-users] Dynamic Preprocessor install (PE Hunter) help

Tim Maletic tmaletic at ...11827...
Thu Aug 28 12:41:58 EDT 2008


On Thu, Aug 28, 2008 at 12:21 PM, Tommy Cansanay <toortog at ...11827...> wrote:
> I got it to compile,
> run, and I tried testing it on a dedicated network, but haven't had any hits
> either. Curious, do you have the preproc name when it did fire?

When pehunter fires, snort will drop log messages like:
PE file extracted: 69120 bytes dumped to pehunted/388b8fbc36a8558587afc90fb23a3b99.

(Those paying attention will recognize the md5 of notepad.exe.  :)



