[Snort-users] VRT Blog Post, blacklist.rules

Joel Esler jesler at ...1935...
Tue Feb 8 17:56:04 EST 2011


http://vrt-blog.snort.org/2011/02/blacklistrules-clamav-and-data-mining.html

I just wanted to bring this blog post to everyone's attention (if you aren't a VRT blog subscriber...)

It details how we create the blacklist.rules file that is included in the VRT rules (now with blacklisted user-agents!) There was some discussion about a week ago about the blacklist, botnet-cnc, and phishing-spam rules, so Alex Kirk wrote up this great blog entry with some pointers to the raw data that we product out of the ClamAV Malware repository.

Check it out.


--
Joel Esler
jesler at ...1935...
http://blog.snort.org && http://blog.clamav.net





More information about the Snort-users mailing list