This is a discussion on RE: [Snort-users] Who doesn't care about virus rules, and why? within the Snort forums, part of the System Security and Security Related category.
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of kenw@kmsi.net
> Sent: Wednesday, November 05, 2003 9:45 PM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Who doesn't care about virus rules, and why?
>
> The header of virus.rules says:
>
> ># NOTE: These rules are NOT being actively maintained.
> <snip>
> ># These rules are going away. We don't care about virus rules anymore.
>
> Who are "we", and what makes them think these rules aren't important?
>

It's not that they aren't important. It's that no one seems to want to maintain them. Doing so requires a great deal of work, and there *are* other, better methods of doing virus detection on a network.

However, it might make sense to maintain a smaller collection of the network-aware worms, such as Bugbear (which is what is most likely driving your customer's printers crazy), Funlove, Qaz, Lovgate, Sobig, et al. The problem is finding someone to do that.

I'd volunteer, but it's really hard for me to get samples (because of the protections we have in place), and I really don't have the time to set up a private network, infect a goat and capture its traffic so the signatures can be done right.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/