Menu
▾
▴
[Snort-inline-users] snort-inline capabilities ( WAS: Re: Fortinet IDS )
|
From: Jason <sec...@br...> - 2004-10-21 18:35:43
|
I imagine you could easily handle that stuff. ClamAV allows for custom virus detection so even if there is no detection for the spyware you could create it. Another avenue is using the spyware rules available for snort you could create block variants. I've no experience with the spyware rules so I cannot attest to accuracy but the solution is certainly capable of it. perhaps the inline folks would care to comment. David Puckett wrote: > Will this also prevent spyware/malware/crapware? > > Thanks, > David > > -----Original Message----- > From: Ryan Whalen [mailto:wha...@ho...] > Sent: Tuesday, October 19, 2004 1:28 PM > To: Jason; Ian Gallagher > Cc: Don Draper; foc...@se... > Subject: Re: Fortinet IDS > > > I am using a Fortigate firewall. It inspects all traffic transparently for > IDS/Virus events. > > I believe they used Snort for their IDS. Fortinet provides signature > updates for the IDS system several times a week. We are very happy with > this solution. > > Ryan > ----- Original Message ----- > From: "Jason" <sec...@br...> > To: "Ian Gallagher" <cdi...@gm...> > Cc: "Don Draper" <do...@dr...>; <foc...@se...> > Sent: Monday, October 18, 2004 6:59 PM > Subject: Re: Fortinet IDS > > > >>I am not sure how fortinet does it however I know snort-inline now has a >>clamav preprocessor that will scan for viruses in the traffic and block it >>if discovered. There is no proxy involved and all traffic is scanned based >>on a configuration you define. It is a recent development and sure to >>require beefy hardware but might be worth exploring for the edge points >>that require virus scanning. X-posting to snort-inline if they want to >>chime in. >> >>https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469 >> >> >> [...] |
