snort-sigs February 2011 archive
Main Archive Page > Month Archives  > snort-sigs archives
snort-sigs: [Snort-users] VRT Blog Post, blacklist.rules

[Snort-users] VRT Blog Post, blacklist.rules

From: Joel Esler <jesler_at_nospam>
Date: Tue Feb 08 2011 - 22:56:04 GMT
To: Snort-Users Users <snort-users@lists.sourceforge.net>, snort-sigs@lists.sourceforge.net

http://vrt-blog.snort.org/2011/02/blacklistrules-clamav-and-data-mining.html

I just wanted to bring this blog post to everyone's attention (if you aren't a VRT blog subscriber...)

It details how we create the blacklist.rules file that is included in the VRT rules (now with blacklisted user-agents!) There was some discussion about a week ago about the blacklist, botnet-cnc, and phishing-spam rules, so Alex Kirk wrote up this great blog entry with some pointers to the raw data that we product out of the ClamAV Malware repository.

Check it out.

-- Joel Esler jesler@sourcefire.com http://blog.snort.org && http://blog.clamav.net ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users