[Snort-users] VRT Blog Post, blacklist.rules
Joel Esler
jesler at ...1935...
Tue Feb 8 17:56:04 EST 2011
http://vrt-blog.snort.org/2011/02/blacklistrules-clamav-and-data-mining.html
I just wanted to bring this blog post to everyone's attention (if you aren't a VRT blog subscriber...)
It details how we create the blacklist.rules file that is included in the VRT rules (now with blacklisted user-agents!). There was some discussion about a week ago about the blacklist, botnet-cnc, and phishing-spam rules, so Alex Kirk wrote up this great blog entry with some pointers to the raw data that we produce out of the ClamAV Malware repository.
Check it out.
--
Joel Esler
jesler at ...1935...
http://blog.snort.org && http://blog.clamav.net