[Snort-users] Integrating ClamAv into Snort

Ayodele Okeowo aymacro at ...11827...
Tue Feb 12 15:25:57 EST 2013


Thanks Shawn. While I was waiting for the reply, I went through their sites
and they both look interesting. However, I've been hearing about OpenFPC;
maybe it's something I will look into. Hopefully RazorBack will have full
documentation on how to integrate it into Snort.

I really appreciate your response and showing me some new stuff I've never
heard of today. A new learning curve.

Ayo


On Tue, Feb 12, 2013 at 1:58 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

> There are websites for both products that are very easy to find.
>
> Basically, both products are essentially monitoring systems that can carve
> out specific things from your network streams, like downloaded files, and
> these can then be run through ClamAV or other executable checking tools.
> Personally, I don’t use them, but I carve out specific files that were
> alerted on by Snort (I’m running StreamDB and OpenFPC), and analyze these
> on a case by case basis.
>
> *From:* Ayodele Okeowo [mailto:aymacro at ...11827...]
> *Sent:* Tuesday, February 12, 2013 10:42 AM
> *To:* Jefferson, Shawn
> *Cc:* wkitty42 at ...14940...; snort-users at lists.sourceforge.net
>
> *Subject:* Re: [Snort-users] Integrating ClamAv into Snort
>
> Sorry I meant Shawn.
>
> I'm looking up the tools but I'm trying to understand what they do;
> although I have a little idea but there seems to be no place on what it is,
> what's used for and the purpose of the tools.
>
> Any intake on that?
>
> Ayo
>
> On Tue, Feb 12, 2013 at 1:23 PM, Jefferson, Shawn <
> Shawn.Jefferson at ...14448...> wrote:
>
> What you are looking for is something like RazorBack, or possibly BroIDS.
>
>
> -----Original Message-----
> From: waldo kitty [mailto:wkitty42 at ...14940...]
> Sent: Tuesday, February 12, 2013 10:01 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Integrating ClamAv into Snort
>
> On 2/12/2013 11:48, Ayodele Okeowo wrote:
> > folks,
> >
> > Has anyone successfully integrated or used ClamAv with Snort? If yes,
> > please could you share how and what documentation to read to be able to
> > implement this?
>
> for what reason? if you are thinking about scanning files that users
> transfer, then you want to include additional packages along side of your
> snort... these would perform full packet capture and then offer slicing out
> the files for analysis...
>
> snort needs to sniff and sniff only... it doesn't need to worry about
> things like scanning for viruses or even trying to log to a database...
> these things slow snort down and traffic is lost or otherwise not
> analyzed... that's not a GoodThing<tm>... leave these tasks to other apps
> to handle ;)
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013 and get the
> hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!