[Snort-users] Integrating ClamAv into Snort

Ayodele Okeowo aymacro at ...11827...
Tue Feb 12 15:46:26 EST 2013


Thanks, Jeremy, and it's nice to know about the status of the tool. I'll play
with it this week and see its awesomeness. I will also check out RazorBack
tonight and go through the documentation.

Thanks guys for the inputs.
Ayo


On Tue, Feb 12, 2013 at 3:33 PM, Jeremy Hoel <jthoel at ...11827...> wrote:

> It seems the development of OpenFPC has stalled; there hasn't been a
> lot of movement with it.  That being said, when it works and the queue
> agent is listening, it's awesome.
>
> On Tue, Feb 12, 2013 at 8:25 PM, Ayodele Okeowo <aymacro at ...11827...> wrote:
> > Thanks, Shawn. While I was waiting for the reply, I went through their
> > sites, and they both look interesting. However, I've been hearing about
> > OpenFPC; maybe it's something I will look into. Hopefully RazorBack will
> > have full documentation on how to integrate it into Snort.
> >
> > I really appreciate your response and your showing me some new stuff
> > I'd never heard of until today. A new learning curve.
> >
> > Ayo
> >
> >
> > On Tue, Feb 12, 2013 at 1:58 PM, Jefferson, Shawn
> > <Shawn.Jefferson at ...14448...> wrote:
> >>
> >> There are websites for both products that are very easy to find.
> >>
> >>
> >>
> >> Basically, both products are essentially monitoring systems that can
> >> carve out specific things from your network streams, like downloaded
> >> files, and these can then be run through ClamAV or other
> >> executable-checking tools. Personally, I don’t use them, but I carve out
> >> specific files that were alerted on by Snort (I’m running StreamDB and
> >> OpenFPC) and analyze these on a case-by-case basis.
> >>
> >> From: Ayodele Okeowo [mailto:aymacro at ...11827...]
> >> Sent: Tuesday, February 12, 2013 10:42 AM
> >> To: Jefferson, Shawn
> >> Cc: wkitty42 at ...14940...; snort-users at lists.sourceforge.net
> >>
> >> Subject: Re: [Snort-users] Integrating ClamAv into Snort
> >>
> >> Sorry, I meant Shawn.
> >>
> >> I'm looking up the tools, but I'm trying to understand what they do;
> >> although I have a little idea, there seems to be no place that says what
> >> they are, what they're used for, and the purpose of the tools.
> >>
> >> Any input on that?
> >>
> >> Ayo
> >>
> >> On Tue, Feb 12, 2013 at 1:23 PM, Jefferson, Shawn
> >> <Shawn.Jefferson at ...14448...> wrote:
> >>
> >> What you are looking for is something like RazorBack, or possibly BroIDS.
> >>
> >>
> >> -----Original Message-----
> >> From: waldo kitty [mailto:wkitty42 at ...14940...]
> >> Sent: Tuesday, February 12, 2013 10:01 AM
> >> To: snort-users at lists.sourceforge.net
> >> Subject: Re: [Snort-users] Integrating ClamAv into Snort
> >>
> >> On 2/12/2013 11:48, Ayodele Okeowo wrote:
> >> > Folks,
> >> >
> >> > Has anyone successfully integrated or used ClamAV with Snort? If yes,
> >> > could you please share how, and what documentation to read to be able
> >> > to implement this?
> >>
> >> for what reason? if you are thinking about scanning files that users
> >> transfer, then you want to include additional packages alongside your
> >> snort... these would perform full packet capture and then offer slicing
> >> out the files for analysis...
> >>
> >> snort needs to sniff and sniff only... it doesn't need to worry about
> >> things like scanning for viruses or even trying to log to a database...
> >> these things slow snort down and traffic is lost or otherwise not
> >> analyzed... that's not a GoodThing<tm>... leave these tasks to other
> >> apps to handle ;)
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Free Next-Gen Firewall Hardware Offer
> >> Buy your Sophos next-gen firewall before the end March 2013 and get the
> >> hardware for free! Learn more.
> >> http://p.sf.net/sfu/sophos-d2d-feb
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >>
> >> Please visit http://blog.snort.org to stay current on all the latest
> Snort
> >> news!
> >>
> >>
> >
>
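The workflow Shawn and waldo describe (Snort just sniffs and alerts, a separate
full packet capture holds the traffic, and the files behind the flows Snort
alerted on are carved out afterwards and run through ClamAV), as an added
example; it is not part of the thread and not code from Snort, OpenFPC,
RazorBack or ClamAV. It assumes Snort 2's alert_fast output format and
tcpdump, tcpflow and clamscan with their standard options; the alert lines,
the clamscan output and the local rule SIDs in them are constructed.

```python
"""Alert-driven carving and scanning run out of band beside Snort. Added
example, not code from the thread, Snort, OpenFPC, RazorBack or ClamAV:
Snort only writes alerts, a full packet capture runs next to it, and later
this script cuts the flow behind each alert out of that capture, rebuilds
its TCP streams as files and hands them to clamscan. Assumes Snort 2
"alert_fast" output and tcpdump/tcpflow/clamscan on PATH; runner injectable."""
import re
import subprocess
from pathlib import Path
from typing import Callable, Dict, List, NamedTuple, Optional

# Constructed alert_fast lines (the local rule SIDs are made up).
SAMPLE_ALERTS = [
    "02/12-10:42:00.123456  [**] [1:1000001:1] LOCAL PE download over HTTP [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 10.0.0.5:49152 -> 203.0.113.7:80",
    "02/12-10:42:03.000001  [**] [1:1000002:1] LOCAL ICMP probe [**] "
    "[Priority: 3] {ICMP} 10.0.0.5 -> 203.0.113.7",  # no ports, no stream
]
# Constructed clamscan output: "<path>: <signature> FOUND" or "<path>: OK".
SAMPLE_CLAMSCAN_OUTPUT = (
    "/srv/triage/1000001-10.0.0.5_49152-203.0.113.7_80/streams/"
    "203.000.113.007.00080-010.000.000.005.49152: Win.Test.EICAR_HDB-1 FOUND\n"
    "/srv/triage/1000001-10.0.0.5_49152-203.0.113.7_80/streams/"
    "010.000.000.005.49152-203.000.113.007.00080: OK\n"
)
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9A-Fa-f.:]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9A-Fa-f.:]+):(?P<dport>\d+)\s*$"
)
CLAM_HIT_RE = re.compile(r"^(?P<path>.+?): (?P<sig>.+) FOUND$")


class CmdResult(NamedTuple):
    returncode: int
    stdout: str


def run_cmd(cmd: List[str]) -> CmdResult:
    """Default runner: execute the command and capture its stdout."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return CmdResult(proc.returncode, proc.stdout)


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """gid/sid/rev, message and 5-tuple of a TCP alert, else None (tcpflow
    reassembles TCP only; ICMP alerts carry no ports anyway)."""
    m = ALERT_RE.match(line.strip())
    if not m or m.group("proto") != "TCP":
        return None
    return m.groupdict()


def bpf_for_flow(a: Dict[str, str]) -> str:
    """BPF filter matching both directions of the alerted flow."""
    return (f"tcp and host {a['src']} and host {a['dst']} "
            f"and port {a['sport']} and port {a['dport']}")


def carve_commands(a: Dict[str, str], pcap: str, alert_dir: Path) -> List[List[str]]:
    """Cut the flow from the full capture, reassemble it into one file per
    direction, scan those files (clamscan exits 0 clean, 1 FOUND, 2 error)."""
    flow_pcap, streams = alert_dir / "flow.pcap", alert_dir / "streams"
    return [
        ["tcpdump", "-r", pcap, "-w", str(flow_pcap), bpf_for_flow(a)],
        ["tcpflow", "-r", str(flow_pcap), "-o", str(streams)],
        ["clamscan", "--no-summary", "-r", str(streams)],
    ]


def parse_clamscan(output: str) -> Dict[str, str]:
    """Map each file clamscan flagged to the signature it reported."""
    hits: Dict[str, str] = {}
    for line in output.splitlines():
        m = CLAM_HIT_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits


def triage(alert_lines: List[str], pcap: str, workdir: str,
           runner: Callable[[List[str]], CmdResult] = run_cmd) -> Dict[str, Dict]:
    """Carve and scan every TCP alert -> {alert key: {"rc", "hits"}}. rc is
    None when carving failed, so an empty scan is never reported as clean."""
    results: Dict[str, Dict] = {}
    for line in alert_lines:
        a = parse_alert(line)
        if a is None:
            continue
        key = f"{a['sid']}-{a['src']}_{a['sport']}-{a['dst']}_{a['dport']}"
        alert_dir = Path(workdir) / key
        alert_dir.mkdir(parents=True, exist_ok=True)   # tcpdump -w needs it
        res, carved = CmdResult(0, ""), True
        for cmd in carve_commands(a, pcap, alert_dir):
            res = runner(cmd)
            if cmd[0] != "clamscan" and res.returncode != 0:
                carved = False
                break
        results[key] = {"rc": res.returncode if carved else None,
                        "hits": parse_clamscan(res.stdout) if carved else {}}
    return results
```

Point triage() at the alert file and the full capture, for example
triage(open("alert").read().splitlines(), "full.pcap", "/srv/triage"). Each
alert gets its own directory, so clamscan never rescans another alert's
streams, and an alert whose flow could not be carved comes back with rc None
instead of an empty, apparently clean scan. Nothing here runs inside Snort,
which is the point waldo makes: the sniffer keeps sniffing, and the slow work
happens against the capture afterwards.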