Snort mailing list archives

Re: Sort inline virus prevention


From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 22 Sep 2003 11:27:24 -0400

At 07:24 PM 9/20/2003, mike evans wrote:
How soon after a virus outbreak do signatures get updated usually?  Would you recommend snort for what I'm trying to do or should I look elsewhere?

The snort "virus" signatures don't have any official maintainer, thus they are not updated with any due speed after a virus is released.

Technically speaking, viruses are not really the point of snort. It's an intrusion sensor, not a virus scanner.

There's lots of effective virus scanners out there, including free software like clamav. Now, admittedly I don't know how to make a virus scanner handle http and ftp downloads network-wide, but a simple client side scanner works VERY well for this kind of thing.

For email, it's quite easy to install something like MailScanner, amavisd-new, or other similar tools on your mailserver to scan all inbound email messages. If you set up your firewall to disallow clients attempting to connect to outside SMTP servers, and force them to send via your mailserver, you can also ensure scanning of outbound email.
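
The outbound SMTP policy described in the reply above, as an added example that is not part of the original message: only the scanning mail server may open SMTP connections to the outside, and firewall log lines are checked for clients that tried to send directly. The addresses, the function names and the sample lines (written in the Linux netfilter LOG field layout) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed, constructed address of the scanning mail relay.
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")
SMTP_PORT = 25

# Fields as written by the Linux netfilter LOG target (TCP lines only).
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP SPT=\d+ DPT=(\d+)")

def egress_verdict(src, dst, dport):
    """Decide one TCP connection under the policy in the post."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != SMTP_PORT:
        return "not-smtp"   # other ports are outside this policy
    if src == MAIL_SERVER or dst == MAIL_SERVER:
        return "allow"      # relay to the outside, or client to the relay
    return "deny"           # any other SMTP would skip the scanner

def bypass_attempts(log_lines):
    """Count direct-SMTP attempts per source address."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue        # non-TCP or unparseable line
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        try:
            verdict = egress_verdict(src, dst, dport)
        except ValueError:
            continue        # malformed address field
        if verdict == "deny":
            hits[src] += 1
    return hits

# Constructed sample lines (private and documentation ranges, not real traffic).
SAMPLE_LOG = [
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1042 DPT=25 SYN",
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=1043 DPT=25 SYN",
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=3310 DPT=25 SYN",
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.42 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=1100 DPT=80 SYN",
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=2200 DPT=25 SYN",
    "fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.42 DST=203.0.113.53 LEN=40 PROTO=UDP SPT=1030 DPT=53",
]

if __name__ == "__main__":
    for client, count in sorted(bypass_attempts(SAMPLE_LOG).items()):
        print(f"{client}: {count} direct SMTP attempt(s) outside the mail server")
```

A client that shows up in this count is sending mail that the mail server's scanner never sees.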




