Hi Andres,
How about using Suricata instead of Snort?
Here is the comparison: http://wiki.aanval.com/wiki/Snort_vs_Suricata
Regards,
Andri
________________________________
From: Andres Riancho <andres.rian...@gmail.com>
To: "w3af-us...@lists.sourceforge.net" <w3af-us...@lists.sourceforge.net>;
"w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>
Sent: Sunday, October 6, 2013 3:38 AM
Subject: [W3af-develop] Snort rules to detect malware
Guys,
We already have a clamav plugin that will identify if an http
response body (usually a PE, DLL, ELF, PDF, DOC etc.) contains a virus
or not. The other day I was thinking about how to improve this and
came up with the idea of using snort rules to detect malware [0].
The idea is rather simple:
* Crawl the site (we already do that)
* Parse snort rules into regular expressions
* Create a grep plugin that will apply those regular
expressions to each HTTP response body
* If a match is found, then report it to the knowledge base
What do you guys think about the idea? Anyone with snort
experience to weigh in with some facts on how many false positives
are found by rules like these? Does anyone know about the licensing for
the rules? Can we include them into our repository?
[0] https://github.com/andresriancho/w3af/issues/671
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
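The pipeline sketched above (turn a rule's content/pcre options into regular expressions, grep each response body, report a hit), as an added Python example that is not part of this thread or of w3af; the rule, its sid and the response body are constructed stand-ins, and the matching is deliberately simplified:

```python
import re
# Constructed sample rule (not from any real ruleset; sid 1000001 is in the local range):
# "MZ" in the first two bytes, the "PE\0\0" signature anywhere, and the DOS stub text.
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ('
               'msg:"CONSTRUCTED PE executable in HTTP response"; content:"MZ"; depth:2; '
               'content:"|50 45 00 00|"; pcre:"/This program cannot be run in DOS mode/i"; '
               'sid:1000001; rev:1;)')
# Constructed response body: a minimal PE-like byte string, not a real binary.
SAMPLE_BODY = (b'MZ' + b'\x90' * 62 + b'This program cannot be run in DOS mode.\r\n'
               + b'\x00' * 20 + b'PE\x00\x00' + b'\x00' * 40)
OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')
PCRE_FLAGS = {'i': re.IGNORECASE, 's': re.DOTALL, 'm': re.MULTILINE}

def content_to_pattern(content):
    """Turn a Snort content string into an escaped bytes regex; |..| blocks are hex."""
    out = b''
    for i, part in enumerate(content.split('|')):
        if i % 2:  # inside |...|: space-separated hex bytes
            out += re.escape(bytes.fromhex(part.replace(' ', '')))
        else:      # literal text; Snort escapes " ; and \ with a backslash
            out += re.escape(re.sub(r'\\(.)', r'\1', part).encode('latin-1'))
    return out

def parse_rule(rule):
    """Parse the option section into (metadata, [[compiled regex, depth], ...])."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    checks, meta = [], {}
    for name, value in OPTION_RE.findall(body):
        value = value.strip()
        if name == 'content':
            checks.append([re.compile(content_to_pattern(value[1:-1])), None])
        elif name == 'nocase':  # modifies the most recent content
            checks[-1][0] = re.compile(checks[-1][0].pattern, re.IGNORECASE)
        elif name == 'depth':   # that content must end within the first N bytes
            checks[-1][1] = int(value)
        elif name == 'pcre':    # "/pattern/flags"
            pat, _, flags = value[1:-1].rpartition('/')
            flag = sum(PCRE_FLAGS.get(f, 0) for f in flags)
            checks.append([re.compile(pat[1:].encode('latin-1'), flag), None])
        elif name in ('msg', 'sid'):
            meta[name] = value.strip('"')
    return meta, checks

def grep_body(body, rule):
    """Return the rule's msg/sid if every check matches the body, else None. Checks are
    simply ANDed; relative modifiers (distance/within) are ignored, which adds false positives."""
    meta, checks = parse_rule(rule)
    for regex, depth in checks:
        m = regex.search(body)
        if not m or (depth is not None and m.end() > depth):
            return None
    return meta
```

A grep plugin would call grep_body() once per rule for each response body and push the returned msg/sid into the knowledge base.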
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop