Posted: Sun Mar 04, 2007 11:09 am Post subject: [asterisk-speech-rec] update
Hello,
I would like to include a rule when another is triggered, for example:
If this rule is triggered:
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware Gator/Clarian Agent"; flow: to_server,established; uricontent:"/gbsf/gd/ne/new.net.gtrg2ze"; nocase; classtype: policy-violation; reference:url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999; sid: 2001306; rev:5;)
I would like to also trigger this rule for n minutes/seconds:
drop tcp any any -> any 80 (classtype:attempted-user; msg:"Port 80 connection initiated";)
I've looked at the tagging option for rules but I need to drop them, not
just log them.
Any ideas?

I have just patched Snort 2.3.3 with ClamAV-2.3.3-1.diff and it doesn't
seem to work as advertised. I have the following preprocessor line:
preprocessor clamav: ports all !20 !22 !443, toclientonly, dbdir /var/ftp/pub/tools/clamav-devel/share/clamav/, dbreload-time 43200, file-descriptor-mode
I strace'd snort while downloading EICAR.COM and the klez virus from a
remote HTTP server - the strace shows the daily.* files being loaded -
which tells me ClamAV is being enabled - but nothing got detected. I
even ran tcpdump on the same interface and can see the HTTP download -
so it's definitely not a wiring issue either.
I can see tonnes of /tmp/snort_inline-clamav-XXXXXX files being created,
opened, closed and unlinked - but no virus was detected. The summary that
is outputted when snort exits shows zero alerts - and nothing shows up
via the syslog or mysql output processors I use.