Hi Andres, I think no problem as long as the ruleset is open source.
So when will we make it happen?

Regards
Andri

> On 6 Okt 2013, at 18.58, Andres Riancho <andres.rian...@gmail.com> wrote:
>
> Maybe the focus should be moved away from the detection engines
> (snort, suricata) and into the rules provider(s)?
>
> http://www.emergingthreats.net/open-source/
>
>> On Sun, Oct 6, 2013 at 8:53 AM, Andres Riancho <andres.rian...@gmail.com> wrote:
>> Andri,
>>
>> Good question, actually I didn't even consider Suricata because I
>> was unaware of its existence :( So, after reading the suricata
>> website for some minutes it seems that their rule format is *very
>> similar* (the same?) as the one from snort, which could make things
>> easier if we want to support both.
>>
>> When it comes to what we want to do, the only thing that matters
>> is quality (re: false positives) and quantity of the rules to detect
>> web malware. Do you know if there is a comparison between suricata and
>> snort rulesets?
>>
>> Regards,
>>
>>> On Sat, Oct 5, 2013 at 11:37 PM, Andri Herumurti <vynx_1...@yahoo.com> wrote:
>>> Hi Andres,
>>>
>>> How about using Suricata instead of Snort?
>>> Here is the comparison: http://wiki.aanval.com/wiki/Snort_vs_Suricata
>>>
>>> Regards,
>>> Andri
>>>
>>> ________________________________
>>> From: Andres Riancho <andres.rian...@gmail.com>
>>> To: "w3af-us...@lists.sourceforge.net" <w3af-us...@lists.sourceforge.net>; "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>
>>> Sent: Sunday, October 6, 2013 3:38 AM
>>> Subject: [W3af-develop] Snort rules to detect malware
>>>
>>> Guys,
>>>
>>> We already have a clamav plugin that will identify if an http
>>> response body (usually a PE, DLL, ELF, PDF, DOC etc.) contains a virus
>>> or not. The other day I was thinking about how to improve this and
>>> came up with the idea of using snort rules to detect malware [0]
>>>
>>> The idea is rather simple:
>>> * Crawl the site (we already do that)
>>> * Parse snort rules into regular expressions
>>> * Create a grep plugin that will apply those regular
>>>   expressions to each HTTP response body
>>> * If a match is found, then report it to the knowledge base
>>>
>>> What do you guys think about the idea? Anyone with snort
>>> experience to weigh in with some facts on how many false positives
>>> are found by rules like these? Does anyone know about the licensing for
>>> the rules? Can we include them in our repository?
>>>
>>> [0] https://github.com/andresriancho/w3af/issues/671
>>>
>>> Regards,
>>> --
>>> Andrés Riancho
>>> Project Leader at w3af - http://w3af.org/
>>> Web Application Attack and Audit Framework
>>> Twitter: @w3af
>>> GPG: 0x93C344F3
>>>
>>> _______________________________________________
>>> W3af-develop mailing list
>>> W3af-develop@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
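The rule-to-regex step Andres sketches in the quoted thread (parse Snort/Suricata rules into regular expressions, then grep each HTTP response body), as an added example that is not w3af's own code and not its clamav or grep plugins; the two rules, their sids and the response bodies are constructed samples, not taken from any real ruleset, and only the `content`, `nocase` and `pcre` options are handled.

```python
import re
# Constructed sample rules in Snort/Suricata syntax (not from any real ruleset).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE hidden iframe"; content:"<iframe"; nocase; content:"width=|30|"; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXAMPLE obfuscated eval"; pcre:"/eval\s*\(\s*unescape\s*\(/i"; sid:9000002; rev:1;)
'''
# One rule option: name, optional ':' value (quoted or bare), closed by ';'.
OPTION_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def content_to_regex(content, nocase):
    """Translate a Snort content string (literal text plus |hex| blocks) into a regex."""
    out = []
    for i, part in enumerate(content.split('|')):
        if i % 2:  # odd segments sit between pipes: hex-encoded bytes
            part = bytes.fromhex(part.replace(' ', '')).decode('latin-1')
        out.append(re.escape(part))
    return re.compile(''.join(out), re.IGNORECASE if nocase else 0)

def pcre_to_regex(value):
    """Translate pcre:"/body/flags", keeping only the i, s, m flags Python shares."""
    body, _, flag_str = value.rpartition('/')
    flags = sum({'i': re.I, 's': re.S, 'm': re.M}.get(f, 0) for f in flag_str)
    return re.compile(body[1:], flags)

def parse_rule(line):
    """Return (sid, [compiled patterns]) for one alert rule line, else None."""
    m = re.search(r'\((.*)\)\s*$', line)
    if not m or not line.lstrip().startswith('alert'):
        return None
    sid, patterns, pending = None, [], None   # pending = [content, nocase]
    for name, value in OPTION_RE.findall(m.group(1)):
        value = value.strip().strip('"')
        if name == 'content':   # flush the previous content; '!' negation not handled
            if pending: patterns.append(content_to_regex(*pending))
            pending = [value, False]
        elif name == 'nocase' and pending:
            pending[1] = True
        elif name == 'pcre':
            patterns.append(pcre_to_regex(value))
        elif name == 'sid':
            sid = int(value)
    if pending: patterns.append(content_to_regex(*pending))
    return sid, patterns

def load_rules(text):
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]

def scan_body(body, rules):
    """Like the proposed grep plugin: a rule hits only when all its patterns match."""
    return [sid for sid, pats in rules if pats and all(p.search(body) for p in pats)]
```

Real rulesets also carry `distance`, `within`, `offset`, `depth` and `http_*` buffer modifiers, which this translation ignores; dropping them is one source of the extra false positives the thread asks about.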