On Thu, 25 Nov 2004 at 6:11:22 +0000, melissad wrote: > I am new to this malware work with Linux and have been lurking on thiss > list trying to learn how to work with clam. I also know that clamav is > for viruses and not web filtering. But I am seeking info here from > anyone who might direct me to a web malware subscription or open source > database. > > My customer, a very large and security aware enterprise, has asked me to > do a cost benefit of running a commercial web filtering software package > or running a Linux cluster with a signature filtering engine. > > This customer is willing to migrate to Linux from a Solaris and Windows > DMZ mix if I can get a viable solution. > > So the question to anyone who might direct me on the list: is there a > subscription or an info source where we can grab malware signatures that > traverse in http (443, 80, 8080, 8000)? We can spend for an SSL/TLS > stateful proxy with crypto accelerator and maintain state with the proxy > bidirectionally. We can do the scripting. > > Does anyone know where we can locate the content for the signatures? > > melissa
I have read that there are various databases of malware signatures for Snort which you can probably use for your goal. Maybe ask at some Snort forums also. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
