Andri,

    Good question; actually, I didn't even consider Suricata because I
was unaware of its existence :( So, after reading the Suricata
website for some minutes, it seems that their rule format is *very
similar* to (the same as?) the one from Snort, which could make things
easier if we want to support both.

    When it comes to what we want to do, the only things that matter
are the quality (re: false positives) and quantity of the rules to
detect web malware. Do you know if there is a comparison between
Suricata and Snort rulesets?

Regards,

On Sat, Oct 5, 2013 at 11:37 PM, Andri Herumurti <vynx_1...@yahoo.com> wrote:
> Hi Andres,
>
> How about using Suricata instead of Snort?
> Here is the comparison: http://wiki.aanval.com/wiki/Snort_vs_Suricata
>
> Regards,
> Andri
>
>
> ________________________________
> From: Andres Riancho <andres.rian...@gmail.com>
> To: "w3af-us...@lists.sourceforge.net" <w3af-us...@lists.sourceforge.net>;
> "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>
> Sent: Sunday, October 6, 2013 3:38 AM
> Subject: [W3af-develop] Snort rules to detect malware
>
> Guys,
>
>     We already have a clamav plugin that will identify whether an HTTP
> response body (usually a PE, DLL, ELF, PDF, DOC, etc.) contains a virus
> or not. The other day I was thinking about how to improve this and
> came up with the idea of using Snort rules to detect malware [0].
>
>     The idea is rather simple:
>         * Crawl the site (we already do that)
>         * Parse snort rules into regular expressions
>         * Create a grep plugin that will apply those regular
> expressions to each HTTP response body
>         * If a match is found, then report it to the knowledge base
>
>     What do you guys think about the idea? Anyone with Snort
> experience to weigh in with some facts on how many false positives
> are found by rules like these? Does anyone know about the licensing for
> the rules? Can we include them in our repository?
>
> [0] https://github.com/andresriancho/w3af/issues/671
>
> Regards,
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3


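As an added example (not code from this thread, from w3af, or from Snort/Suricata), here is a small Python sketch of the step the proposal describes: turn the `content`/`nocase`/`depth`/`pcre` options of a Snort- or Suricata-syntax rule into Python regular expressions and run them over HTTP response bodies. The rules and the response bodies are constructed samples, not real signatures or real traffic. Rules that use relative or positional modifiers (`offset`, `distance`, `within`, `byte_test`, ...) are skipped on purpose, because matching them needs offset tracking that a plain regex-per-content translation does not provide, and silently dropping such a modifier is exactly how a translated ruleset starts producing false positives (the `|4D 5A|` rule below only stays sane because `depth:2` anchors it to the start of the body).

```python
import re

# Constructed sample rules in Snort/Suricata syntax; they are NOT from any real ruleset.
SAMPLE_RULES = r'''
# comment lines and blank lines are skipped
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE obfuscated eval in script"; content:"eval(unescape("; nocase; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE zero-size iframe"; content:"<iframe"; nocase; pcre:"/<iframe[^>]+(width|height)\s*=\s*[\x22']?0/i"; sid:9000002; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE PE executable served"; content:"|4D 5A|"; depth:2; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE relative match, skipped"; content:"a"; content:"b"; distance:1; sid:9000004; rev:1;)
'''

# Constructed HTTP response bodies standing in for what the crawler would fetch.
SAMPLE_BODIES = {
    "clean_page": b"<html><body><p>Welcome to MZ Corp. Nothing to see.</p></body></html>",
    "evil_script": b"<html><script>EVAL(UNESCAPE('%75%72%6c'))</script></html>",
    "hidden_iframe": b"<html><IFRAME src='http://example.invalid/x' width=0 height=0></IFRAME></html>",
    "pe_download": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
}

RULE_RE = re.compile(r"^(?:alert|drop|log|pass)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\((.*)\)$")
PCRE_FLAGS = {"i": re.I, "s": re.S, "m": re.M, "x": re.X}  # Snort-only flags (R, U, B, ...) are dropped
UNSUPPORTED = {"offset", "distance", "within", "byte_test", "byte_jump", "isdataat"}

def split_options(body):
    """Split the option block on ';' outside double quotes, honouring backslash escapes."""
    opts, cur, in_quote, escaped = [], "", False, False
    for ch in body:
        if not escaped and ch == ";" and not in_quote:
            opts.append(cur.strip())
            cur = ""
            continue
        if not escaped and ch == '"':
            in_quote = not in_quote
        escaped = (ch == "\\") and not escaped
        cur += ch
    return opts + ([cur.strip()] if cur.strip() else [])

def content_to_regex(raw):
    """Expand |hex| runs, then backslash escapes, in a content string; return (escaped regex, byte length)."""
    literal = re.sub(r"\|([0-9A-Fa-f ]+)\|", lambda m: bytes.fromhex(m.group(1)).decode("latin-1"), raw)
    literal = re.sub(r"\\(.)", r"\1", literal)
    return re.escape(literal), len(literal)

def parse_rule(line):
    """Return (sid, msg, [compiled regexes]), or None when the rule uses options this sketch does not model."""
    m = RULE_RE.match(line)
    if not m:
        return None
    sid, msg, patterns, contents = None, "", [], []
    for opt in split_options(m.group(1)):
        name, _, value = (s.strip() for s in opt.partition(":"))
        value = value[1:-1] if value[:1] == value[-1:] == '"' else value
        if name in UNSUPPORTED:
            return None  # relative/positional matching needs offset tracking; refuse rather than mis-match
        if name == "sid":
            sid = value
        elif name == "msg":
            msg = value
        elif name == "content":
            contents.append(list(content_to_regex(value)) + [False, None])  # [regex, length, nocase, depth]
        elif name == "nocase" and contents:
            contents[-1][2] = True
        elif name == "depth" and contents:
            contents[-1][3] = int(value)
        elif name == "pcre":
            pm = re.fullmatch(r"/(.*)/([A-Za-z]*)", value, re.S)
            if not pm:
                return None
            flags = 0
            for f in pm.group(2):
                flags |= PCRE_FLAGS.get(f, 0)
            patterns.append(re.compile(pm.group(1), flags))
    for frag, length, nocase, depth in contents:
        if depth is not None:  # the content must lie entirely within the first `depth` bytes of the body
            frag = r"\A(?s:.){0,%d}" % max(depth - length, 0) + frag
        patterns.append(re.compile(frag, re.I if nocase else 0))
    return (sid, msg, patterns) if sid and patterns else None

def load_rules(text):
    """Return (rules, number of rules skipped) for a ruleset given as text."""
    rules, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_rule(line)
        if rule is None:
            skipped += 1
        else:
            rules.append(rule)
    return rules, skipped

def scan_body(body, rules):
    """Return (sid, msg) for every rule whose patterns all match the raw response body."""
    text = body.decode("latin-1")  # one char per byte, so |hex| content also matches binary bodies
    return [(sid, msg) for sid, msg, pats in rules if all(p.search(text) for p in pats)]

def scan_all():
    """Run the sample rules over the sample bodies: {body name: [matching sids]}."""
    rules, _ = load_rules(SAMPLE_RULES)
    return {name: [sid for sid, _ in scan_body(body, rules)] for name, body in SAMPLE_BODIES.items()}
```

Calling `scan_all()` returns one entry per sample body with the sids that fired; `load_rules` reports how many rules it refused. The refusal count is the number to watch when evaluating a real ruleset this way: every refused rule is detection you do not get, and every modifier a translator chose to ignore instead of refusing is a potential false positive of the kind the thread is asking about.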