Intro to ClamAV (Screencast)
June 11th, 2009 under Presentations, Sourcefire, Webcasts by jonbaer [ Comments: none ]
Clam AntiVirus (ClamAV) is a free, cross-platform antivirus software tool-kit capable of detecting many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, Mac OS X, OpenVMS, OSF and Solaris. At one time it had a native version available for Windows, but that project has been ended.
Both ClamAV and its updates are made available free of charge.
Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.
Below are 6 screencasts by Tomasz Kojm discussing: an overview of ClamAV, architecture, deployment and installation, detection mechanism, and troubleshooting.
Part I - http://www.youtube.com/watch?v=hqitIW_XgGI
Part II - http://www.youtube.com/watch?v=YWowwh_32cA
Part III - http://www.youtube.com/watch?v=jElBFo07y5I
Part IV - http://www.youtube.com/watch?v=wMjMoMcu_4c
Part V - http://www.youtube.com/watch?v=tJvn9AquL6g
Part VI - http://www.youtube.com/watch?v=WX2Xdh3KghU

Snort 2.8.5 Beta Release
May 15th, 2009 under Releases by jonbaer [ Comments: none ]
A beta version of Snort 2.8.5 is now available on snort.org, at
http://www.snort.org/dl/
Snort 2.8.5 introduces:
- Ability to specify multiple configurations (snort.conf and everything
it includes), bound either by VLAN ID or IP Address. This allows you
to run one instance of Snort with multiple snort.confs, rather than
having separate processes.
- Continued inspection of traffic while reloading a configuration.
Add --enable-reload option to your configure script prior to building.
- Rate Based Attack prevention for Connection Attempts, Concurrent
Connections, and improved rule/event filtering. See README.filters
for details.
- SSH preprocessor (no longer experimental)
- Performance improvements in various places
Please see the Release Notes and ChangeLog for more details.
Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.
Happy Snorting!
The Snort Release Team

beta.snort.org
April 21st, 2009 under Notes, Sourcefire, Releases by jonbaer [ Comments: none ]
Hi all,
As many of you know the Snort project recently reached its 10th Anniversary. In honor of this milestone we’re giving Snort a new website to call home. This site update is much more than just a new look and feel. We’re rebuilding the site from the ground up to better serve the needs of the Snort Community. Once the site is complete, some of the improvements you’ll see are:
• Simplified navigation including a new persistent links panel at the bottom of every page allowing you to get the content you need from anywhere on the site
• Improved user account management allowing you to edit all of your profile information including your email address
• New Forums application with the ability to rate posts
• Improved management of VRT Subscriptions including the ability to generate multiple Oinkcodes
The new Snort.org site is still in development but we’ve reached a point where we’d like to ask you, the community, for feedback. We’ve released a beta site at: http://beta.snort.org that we’d like you to review and provide feedback on. We’d primarily like your feedback on the new look and feel, updated navigation and content on the site. We’d also like you to submit enhancement requests for new features and content you’d like to see on Snort.org.
We’d particularly like to get specific feedback on additional content that you as a Snort user, rule writer or someone who is developing related projects would like to see on the site that would help you in your day to day life with Snort.
This is a live project and we’ll continue to add functionality and content based on your feedback. In this beta release some of the site functionality has been disabled. At this time you will not be able to register an account, log in, post to the forums, generate Oinkcodes, or buy a VRT subscription, but all other site features are open for your review. We’ll migrate all user account and subscription information prior to the site going live.
All feedback should be submitted via a very short survey at: https://www.surveymonkey.com/s.aspx?sm=WjBviOcPU5nPg5002A12pg_3d_3d.
Thanks for your help and feedback on this project.
Mike Guiterman (Sourcefire)

Snort Webinar - April 22nd, 2009
April 17th, 2009 under Webinars by jonbaer [ Comments: none ]
Hi Everyone,
On behalf of the Snort Team at Sourcefire, I’d like to invite you to attend the next session of the Snort Users Webinar Series.
In this webinar Steve Kane, Snort product manager and Steve Sturges, Snort development team manager will discuss What’s New in Snort 2.8.4.
Snort 2.8.4 introduced a number of new features to improve the detection capabilities and performance of Snort. The release features a new DCE/RPC preprocessor and improved preprocessor support for IPv6. The release also added new support for target-based functionality and the ability to prefilter traffic to improve performance.
Webinar details:
Date: April 22, 2009
Time: 10:00 AM US Eastern Daylight Time (GMT -4:00)
To register for this webinar visit:
https://sourcefireevents.webex.com/sourcefireevents/onstage/g.php?t=a&d=668169687
As always this session will be recorded and posted on Snort.org for future use.
I hope you can join us.
Mike Guiterman (Sourcefire)

Snort 2.8.4 Now Available
April 12th, 2009 under Releases by jonbaer [ Comments: none ]
Snort 2.8.4 is now available on snort.org, at http://www.snort.org/dl/
Snort 2.8.4 introduces:
- A revised DCE/RPC preprocessor with more rule options
With the new DCE/RPC preprocessor, there will be a number of updates to the rules. Please be sure to update your rules to the latest when that package is available (next few days).
- Support for IPv6 in Frag3 and all application preprocessors
- Improved target-based support in preprocessors
- Option to automatically pre-filter traffic that is not inspected in order to improve performance
- Several other improvements and fixes
Please see the release notes and changelog for more details.
Please submit bugs, questions, and feedback to bugs@snort.org.
Happy Snorting!
The Snort Release Team

Snort 3.0 Beta 3 Released
April 6th, 2009 under Releases by jonbaer [ Comments: none ]
http://securitysauce.blogspot.com/2009/04/snort-30-beta-3-released.html
http://www.snort.org/dl/snortsp/
Snort Security Platform (SnortSP) 3.0 Beta
We’re pleased to introduce our first beta release built on the new Snort 3.0 architecture. The Snort 3.0 architecture consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP. This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.
Major features:
- Shell-based user interface with embedded scripting language
- Native IPv6, MPLS and GRE support
- Native support for inline operation
- More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
- Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic
- Performance increases
The purpose of this beta release is to allow people to get exposure to the technology and to use the code in real-world environments - and as an opportunity to solicit feedback on the design and user experience of the new Snort code.

Snort User Group Meeting at CipherTechs February 5th
January 29th, 2009 under Uncategorized, Meetings by mo [ Comments: none ]
Mordecai Kraushar of CipherTechs will be doing a presentation on using Snort within a SIM and Matt Olney of the VRT will be doing the presentation on writing effective rules.
RSVP either via the Snort list or via CipherTechs
Meeting is at 6PM
55 Broadway 11th Floor
212 897-6900 X 255

Snort 2.8.3.2 Now Available
January 20th, 2009 under Uncategorized by jonbaer [ Comments: none ]
Snort 2.8.3.2 is now available on snort.org, at http://www.snort.org/dl/
Snort 2.8.3.2 provides improvements in handling of server-side
TCP data payloads and updates to target based processing.

Network Security Toolkit 1.8.1
January 15th, 2009 under Tools by jonbaer [ Comments: none ]
NST v1.8.1 has been Released. This version includes many enhancements to the NST WUI (Web-Based front-end) to Snort IDS supporting multiple network interface sensors for the detection of security threat incidents. Also included is a Snort IDS Collector - A back-end MySQL Database configured for the storage of Snort IDS security threat incidents in support of an enterprise wide federation of Snort IDS sensors. See the NST home page: http://www.networksecuritytoolkit.org for further information about this NST release.

SnortSP 3.0
December 26th, 2008 under Uncategorized by jonbaer [ Comments: none ]
The Snort 3.0 architecture consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP. This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.
Major features:
- Shell-based user interface with embedded scripting language
- Native IPv6, MPLS and GRE support
- Native support for inline operation
- More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
- Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic
- Performance increases
The purpose of this beta release is to allow people to get exposure to the technology and to use the code in real-world environments - and as an opportunity to solicit feedback on the design and user experience of the new Snort code. All feedback on the beta should go to <sspbeta’at’sourcefire’dot’com>