[Oisf-users] Malware detection through Mail how?

Jay M. jskier at gmail.com
Fri May 8 13:59:03 UTC 2015

You would need to sniff and often decrypt traffic somewhere between
the Internet and your mail gate. Encryption usually hinders this
process, and if you have a tap in place already, this is probably why
you aren't seeing anything. Ideally your mail gate would have AV and a
plethora of filter options to address e-mail malware.

jskier at gmail.com

On Fri, May 8, 2015 at 8:11 AM, Nick de Bruijn <nick_hyves at hotmail.com> wrote:
> Hello all,
> I can't figure out how I could use Suricata to detect malware.
> I want Suricata to detect malware sent in email attachments.
> Could someone explain to me how I can do this?
> Now when I sent myself an EICAR file, Suricata doesn't recognize it.
> I would very much appreciate the help!
> Kind regards,
> Nick
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
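Added illustration, not part of this thread: besides the tap placement and encryption points above, a byte-level content match cannot see an EICAR attachment on the SMTP stream because MIME attachments travel base64-encoded; the detector has to decode the message first (Suricata's SMTP MIME decoding does this). The message, addresses and filename below are constructed for the example.

```python
"""Show why an EICAR attachment is invisible to a naive content match on the
raw SMTP payload but visible once the MIME body is decoded.
The sample message is constructed here, not captured from a network."""
import email
import email.policy
from email.message import EmailMessage

# Standard EICAR test string: a harmless antivirus test file, not malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def build_sample_message() -> bytes:
    """Construct the bytes an MTA would send: EICAR as a base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"   # constructed addresses
    msg["To"] = "nick@example.test"
    msg["Subject"] = "test"
    msg.set_content("see attached")
    # Binary payloads get a base64 Content-Transfer-Encoding by default.
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="eicar.com")   # constructed filename
    return msg.as_bytes()


def raw_stream_match(wire: bytes) -> bool:
    """Naive match on the undecoded SMTP payload, as a plain content rule sees it."""
    return EICAR in wire


def decoded_attachment_match(wire: bytes) -> list:
    """Parse MIME, decode each attachment and match; return the matching filenames."""
    msg = email.message_from_bytes(wire, policy=email.policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload and EICAR in payload:
            hits.append(part.get_filename())
    return hits


if __name__ == "__main__":
    wire = build_sample_message()
    print("raw stream match:", raw_stream_match(wire))          # False
    print("decoded attachment match:", decoded_attachment_match(wire))  # ['eicar.com']
```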
