
Re: [Snort-users] Block



02-17-2004
Paul Schmehl

--On Monday, February 16, 2004 4:46 PM -0600 Frank Knobbe <frank@knobbe.us>
wrote:
>
> Uhm, I'm not sure about that, Paul. I've heard from folks that caught
> new viruses with Clamav before Norton got it. Matter of fact, just
> recently there was a posting somewhere (I'm sure you've seen that since
> you are on most lists) that showed that clamav had a signature for it
> first.
>
> I have nothing but pleasant experience with clamav. I can't believe how
> well it works for being OpenSource.


I'm answering on list only because I do not want to leave the wrong
impression. clamav is certainly better than nothing, and if that's all you
can afford, then by all means use it. What I *am* saying is that testing
by the researchers at the University of Hamburg has shown that its
detection rate is *not* comparable to commercial scanners. So long as you
understand that, using clamav can be a useful part of an overall strategy
to limit exposure to viruses.

No virus scanner is perfect, and clamav will catch viruses that other
scanners will miss, and vice versa. Use of *any* gateway av scanner should
be supplemented by other strategies such as extension blocking to provide
the best possible protection.

However, anecdotal evidence notwithstanding, in controlled studies using
standard research methodology, clamav did not measure up to commercial
scanners. Please note, I am a fan of open source, and I am not trying to
discourage the use of clamav. I just think people should use software in
an informed manner.

These tests were done and published on a private list, so I cannot publish
the details. I do not know if the university will publish the details on
their website.

<http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm>

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

