<div dir="ltr"><div>Hi all,<br><br>I have downloaded the ClamAV database and converted it to an MD5 hash database.<br></div>Added a rule in Suricata to scan the MD5 hash DB for threats.<br><div><br>I have downloaded a tar file containing a threat. ClamAV is able to detect the threat in the tar file, but Suricata is not identifying it.<br></div><div>Please suggest.<br><div><br>Ref Link:<br><a href="https://samiux.blogspot.in/2015/10/howto-clamav-for-suricata.html">https://samiux.blogspot.in/2015/10/howto-clamav-for-suricata.html</a><br><div class="gmail_extra"><a href="http://old.honeynet.org/scans/scan19/scan19.tar.gz">http://old.honeynet.org/scans/scan19/scan19.tar.gz</a><br><br>Thanks<br></div><div class="gmail_extra">srinivas<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 7, 2017 at 9:52 AM, Srinivasreddy R <span dir="ltr"><<a href="mailto:srinivasreddy4390@gmail.com" target="_blank">srinivasreddy4390@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thank you.<div><div class="gmail-h5"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 6, 2017 at 10:34 PM, Cooper F. Nelson <span dir="ltr"><<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I've done something like that; however, I've found it more productive to<br>
integrate it with VirusTotal. You can use the API or just search on<br>
the SHA256 hash by referencing it in the URL:<br>
<br>
> <a href="https://www.virustotal.com/en/file/a4497037f009abd0e6986e4228695d38e2778511cec800391199d788d355e623/analysis/" rel="noreferrer" target="_blank">https://www.virustotal.com/en/<wbr>file/a4497037f009abd0e6986e422<wbr>8695d38e2778511cec800391199d78<wbr>8d355e623/analysis/</a><br>
<br>
If there are no hits, you can then send the file to VirusTotal for scanning.<br>
<br>
-Coop<br>
<br>
On 7/3/2017 8:48 AM, Srinivasreddy R wrote:<br>
<div class="gmail-m_-4467177761973495495HOEnZb"><div class="gmail-m_-4467177761973495495h5">
> Hi All, I am new to Suricata. I have a question related to the usage of<br>
> ClamAV with Suricata. Is there any need/purpose to use ClamAV with<br>
> Suricata?<br>
><br>
> What are the possible use cases to use ClamAV along with Suricata?<br>
><br>
> thanks srinivas<br>
><br>
><br>
><br>
</div></div><div class="gmail-m_-4467177761973495495HOEnZb"><div class="gmail-m_-4467177761973495495h5">> ______________________________<wbr>_________________ Suricata IDS Users<br>
> mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundati<wbr>on.org</a> Site:<br>
> <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/suppor<wbr>t/</a><br>
> List:<br>
> <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfound<wbr>ation.org/mailman/listinfo/<wbr>oisf-users</a><br>
><br>
<br>
<br>
</div></div><span class="gmail-m_-4467177761973495495HOEnZb"><font color="#888888">--<br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ACT Security Team<br>
<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a> x41042<br>
<br>
</font></span></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div></div></div>
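A caveat a practitioner would want to check before concluding that the rule is broken, as an added example that is not part of the thread above and not code from Suricata or ClamAV: a Suricata filemd5 hash list matches the MD5 of the file object as it was carried over the wire (here, the downloaded tar.gz as a whole), whereas ClamAV unpacks archives and hashes the members inside them. A hash that ClamAV holds for a file inside the archive therefore never equals the hash of the archive itself. The script below builds a small tar.gz in memory from a constructed payload, reduces constructed ClamAV-style .hdb lines (MD5:FileSize:MalwareName) to the one-hash-per-line list a filemd5 rule loads, and shows that the transferred file misses while the member inside it hits. All sample data, the .hdb lines and the function names are constructed for this demonstration.

```python
"""Why a hash-list rule can miss what ClamAV catches inside an archive.

Constructed example: builds a tar.gz in memory, then compares the MD5 of the
archive as transferred (the view a Suricata filemd5 rule has) with the MD5 of
the members inside it (the view an unpacking scanner such as ClamAV has).
"""
import hashlib
import io
import tarfile


def md5_hex(data: bytes) -> str:
    """Lower-case hex MD5 of a byte string, the form a filemd5 list expects."""
    return hashlib.md5(data).hexdigest()


# Constructed sample payload standing in for a file ClamAV has a signature for.
SAMPLE_PAYLOAD = b"constructed sample payload for the hash-list demo\n"

# Constructed ClamAV-style .hdb lines (format MD5:FileSize:MalwareName).
# In a real deployment these come from the unpacked ClamAV database; the
# second hash below is made up and matches nothing.
SAMPLE_HDB = (
    "# comment lines and blank lines are ignored\n"
    f"{md5_hex(SAMPLE_PAYLOAD)}:{len(SAMPLE_PAYLOAD)}:Constructed.Sample-1\n"
    "\n"
    "0123456789abcdef0123456789abcdef:4096:Constructed.Sample-2\n"
)


def hdb_to_filemd5(hdb_text: str) -> set:
    """Reduce .hdb lines to the one-hash-per-line set a filemd5 rule loads."""
    hashes = set()
    for line in hdb_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest = line.split(":", 1)[0].lower()
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            hashes.add(digest)
    return hashes


def build_tar_gz(members: dict) -> bytes:
    """Build a tar.gz in memory from {name: bytes}; stands in for the download."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_hashes(archive: bytes) -> dict:
    """MD5 of every regular file inside the archive, i.e. what an unpacking
    scanner sees when it looks at the same download."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = md5_hex(tar.extractfile(member).read())
    return out


def check_download(hash_list: set, archive: bytes) -> dict:
    """Compare both views: the archive as transferred vs. its members."""
    transferred = md5_hex(archive)
    return {
        "transferred_md5": transferred,
        "transferred_file_hit": transferred in hash_list,
        "member_hits": sorted(name for name, digest in member_hashes(archive).items()
                              if digest in hash_list),
    }


if __name__ == "__main__":
    hashes = hdb_to_filemd5(SAMPLE_HDB)
    download = build_tar_gz({"sample.bin": SAMPLE_PAYLOAD, "README.txt": b"benign\n"})
    print(check_download(hashes, download))
```

Run as-is, the result reports `transferred_file_hit` as False and `member_hits` as `['sample.bin']`: the hash list is correct, but the object Suricata hashes is the archive, not the file inside it. A hash list built from ClamAV's database is therefore only useful for files that are served unpacked; for archived downloads the practical options are a scanner that unpacks (ClamAV itself, or a file-extraction pipeline that hands extracted files to it) rather than a larger hash list.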