[Oisf-users] suricata and ClamAV

Srinivasreddy R srinivasreddy4390 at gmail.com
Wed Jul 12 12:58:25 UTC 2017


Hi all,

I have downloaded the ClamAV database and converted it to an MD5 hash database.
Added a rule in Suricata to scan the MD5 hash DB for threats.

I have downloaded a tar file containing a threat. ClamAV is able to detect the
threat in the tar file, but Suricata is not identifying it.
Please suggest.

Ref Link:
https://samiux.blogspot.in/2015/10/howto-clamav-for-suricata.html
http://old.honeynet.org/scans/scan19/scan19.tar.gz

Thanks
srinivas

On Fri, Jul 7, 2017 at 9:52 AM, Srinivasreddy R <srinivasreddy4390 at gmail.com> wrote:

> Thank you.
>
>
> On Thu, Jul 6, 2017 at 10:34 PM, Cooper F. Nelson <cnelson at ucsd.edu>
> wrote:
>
>> I've done something like that, however I've found it more productive to
>> integrate it with VirusTotal.  You can use the API or just search on
>> the sha256 hash by referencing it in the URL:
>>
>> > https://www.virustotal.com/en/file/a4497037f009abd0e6986e4228695d38e2778511cec800391199d788d355e623/analysis/
>>
>> If there are no hits you can then send the file to VirusTotal for
>> scanning.
>>
>> -Coop
>>
>> On 7/3/2017 8:48 AM, Srinivasreddy R wrote:
>> > Hi All, I am new to Suricata. I have a question related to the usage of
>> > ClamAV with Suricata. Is there any need/purpose to use ClamAV with
>> > Suricata?
>> >
>> > What are the possible use cases to use ClamAV along with Suricata?
>> >
>> > thanks srinivas
>> >
>> >
>> >
>> > _______________________________________________ Suricata IDS Users
>> > mailing list: oisf-users at openinfosecfoundation.org Site:
>> > http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> > List:
>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >
>>
>>
>> --
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ACT Security Team
>> cnelson at ucsd.edu x41042
>>
>>
>
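The workflow Srinivas describes (ClamAV hash database converted to an MD5 list, a Suricata rule pointed at it, then a test download of a tar archive), as an added example that is not code from the thread, from Suricata or from ClamAV. It parses ClamAV `.hdb` lines of the form `MD5:FileSize:MalwareName` (the format `sigtool --unpack` produces from `main.cvd`) into the one-hash-per-line list that Suricata's `filemd5` keyword consumes, assembles an example rule, and then hashes a constructed `.tar.gz` both as a whole and member by member. Suricata's file matching only sees the hash of the archive as it crossed the wire, while ClamAV unpacks the archive and hashes each member, which is the likely reason the two tools disagree on scan19.tar.gz. The list filename `clamav.md5`, the sid, the rule message and every payload and hash are assumptions constructed for this example.

```python
"""Added example: ClamAV .hdb -> Suricata filemd5 list, plus a demonstration of
why hashing an archive differs from hashing the files inside it.
Not code from the mailing-list thread, Suricata or ClamAV; all payloads and
hashes are constructed here."""
import hashlib
import io
import re
import tarfile

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of a byte string."""
    return hashlib.md5(data).hexdigest()


def clamav_hdb_to_filemd5(hdb_text: str) -> list:
    """Turn ClamAV .hdb lines (MD5:FileSize:MalwareName) into the plain list of
    lowercase MD5 hashes that Suricata's filemd5 keyword reads, one per line.
    Entries whose hash is not a 32-hex MD5 (for example SHA-1/SHA-256 entries
    from an .hsb file that ended up in the same input) are skipped."""
    hashes, seen = [], set()
    for line in hdb_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3:          # blank or malformed line
            continue
        digest = fields[0].lower()
        if not MD5_RE.match(digest) or digest in seen:
            continue
        seen.add(digest)
        hashes.append(digest)
    return hashes


def build_filemd5_rule(list_name: str, sid: int) -> str:
    """Assemble a Suricata rule alerting when the MD5 of a file carried over HTTP
    is in `list_name` (a file in the rule directory). List name, sid and message
    are assumptions chosen for this example."""
    return (
        "alert http any any -> any any ("
        'msg:"ClamAV MD5 match on transferred file"; '
        f"filemd5:{list_name}; filestore; sid:{sid}; rev:1;)"
    )


def make_tar_gz(members: dict) -> bytes:
    """Build an in-memory .tar.gz from {name: bytes}, standing in for a download
    like the scan19.tar.gz mentioned in the thread (contents are constructed)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            info.mtime = 0
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def archive_vs_member_hashes(tar_gz: bytes):
    """Return (MD5 of the archive as transferred, {member name: MD5 of member}).
    Suricata's filemd5 compares the first value; ClamAV unpacks the archive and
    checks each member, which is why the two tools can disagree."""
    member_md5s = {}
    with tarfile.open(fileobj=io.BytesIO(tar_gz), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                member_md5s[member.name] = md5_hex(tar.extractfile(member).read())
    return md5_hex(tar_gz), member_md5s


# Constructed payload standing in for a file that ClamAV would flag.
SAMPLE_PAYLOAD = b"constructed test payload for the hash demo, not a real sample\n"
# Constructed .hdb text: one matching entry, the MD5 of the empty file, and a
# 64-hex (SHA-256 style) entry that must be filtered out of an MD5 list.
SAMPLE_HDB = (
    f"{md5_hex(SAMPLE_PAYLOAD)}:{len(SAMPLE_PAYLOAD)}:Constructed.Test.Sample-1\n"
    "d41d8cd98f00b204e9800998ecf8427e:0:Constructed.Test.EmptyFile\n"
    f"{'ab' * 32}:12:Constructed.Test.WrongHashType\n"
)


def demo() -> dict:
    """Run the conversion and the archive-vs-member comparison."""
    hashes = clamav_hdb_to_filemd5(SAMPLE_HDB)
    archive = make_tar_gz({"scan19/sample.bin": SAMPLE_PAYLOAD})
    tar_md5, member_md5s = archive_vs_member_hashes(archive)
    return {
        "list": hashes,
        "rule": build_filemd5_rule("clamav.md5", 1000001),
        "archive_hash_listed": tar_md5 in hashes,                          # Suricata's view
        "member_hash_listed": member_md5s["scan19/sample.bin"] in hashes,  # ClamAV's view
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows `archive_hash_listed: False` next to `member_hash_listed: True`: the list built from ClamAV is correct, but Suricata is only ever offered the outer archive's hash, so a hash-based Suricata rule can only fire when the flagged file itself is transferred, not when it is wrapped in a tar or zip.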