[Snort-users] [Emerging-Sigs] Reliability of signatures

Joel Esler jesler at ...1935...
Fri Feb 11 09:59:09 EST 2011

On Feb 11, 2011, at 9:55 AM, Seth Hall wrote:
> but if that IP address logs into some local box over SSH that would be worth looking into.

Yes, but that's not SPAM.

I understand your point there, but SPAM (IMO) should be dealt with at the gateway antivirus/email server/spam filter level (in our case, clamav for instance.)  

Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net

More information about the Snort-users mailing list