[Snort-users] [Emerging-Sigs] Reliability of signatures
jesler at ...1935...
Fri Feb 11 09:59:09 EST 2011
On Feb 11, 2011, at 9:55 AM, Seth Hall wrote:
> but if that IP address logs into some local box over SSH that would be worth looking into.
Yes, but that's not SPAM.
I understand your point there, but SPAM (IMO) should be dealt with at the gateway antivirus/email server/spam filter level (in our case, clamav for instance.)
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net
More information about the Snort-users