[Oisf-users] suricata and ClamAV

Peter Manev petermanev at gmail.com
Wed Jul 12 19:54:25 UTC 2017


On Wed, Jul 12, 2017 at 8:38 PM, Srinivasreddy R
<srinivasreddy4390 at gmail.com> wrote:
> Yes, I am running Suricata and executing wget
> http://old.honeynet.org/scans/scan19/scan19.tar.gz .
> The tar file has been downloaded to the Suricata file-store. Once I extract it I
> get that pcap file.
> My expectation is that Suricata calculates the md5 hash of the file and matches it with
> the md5 hash DB.

Is the file extracted successfully/completely?

>
> thanks
> srinivas
>
>
> On Thu, Jul 13, 2017 at 12:00 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>>
>> That is a pcap file, not an extracted file.
>>
>> -Coop
>>
>> On 7/12/2017 11:26 AM, Srinivasreddy R wrote:
>>
>> I am able to see some results.
>> The md5 hash I am searching is: 38e85119953076c904fd2105dfcb6cdb
>>
>>
>> thanks
>> srinivas
>>
>> On Wed, Jul 12, 2017 at 11:43 PM, Cooper F. Nelson <cnelson at ucsd.edu>
>> wrote:
>>>
>>> What happens if you search for the hash here?
>>>
>>> > https://www.virustotal.com/en/#search
>>>
>>> -Coop
>>
>>
>> --
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ACT Security Team
>> cnelson at ucsd.edu x41042
>
>
>



-- 
Regards,
Peter Manev
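
An added example, not part of the original thread and not Suricata code: the MD5 of a stored file is taken over the bytes as they were transferred (here the .tar.gz), so a hash list holding only the MD5 of the pcap inside the archive does not match, and neither does an incompletely extracted file. The archive, member name, payload and hash lists below are constructed for illustration.

```python
import hashlib
import io
import tarfile


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_archive(member_name: str, payload: bytes) -> bytes:
    """Build a .tar.gz in memory; stands in for the downloaded archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(member_name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def load_hash_list(text: str) -> set:
    """One hex MD5 at the start of each line; anything after it is ignored."""
    return {line.split()[0].lower() for line in text.splitlines() if line.strip()}


def matches(stored_file: bytes, hash_list: set) -> bool:
    """True when the MD5 of the stored bytes is in the list."""
    return md5_hex(stored_file) in hash_list


def demo() -> dict:
    # Constructed sample data: a fake capture inside a fake archive.
    inner = b"constructed pcap bytes " * 64
    archive = build_archive("sample.pcap", inner)  # what crosses the wire
    truncated = archive[: len(archive) // 2]       # incomplete extraction

    inner_list = load_hash_list(md5_hex(inner) + "  sample.pcap\n")
    archive_list = load_hash_list(md5_hex(archive) + "  sample.tar.gz\n")
    return {
        "inner hash vs stored archive": matches(archive, inner_list),
        "archive hash vs stored archive": matches(archive, archive_list),
        "archive hash vs truncated file": matches(truncated, archive_list),
    }


if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {'match' if hit else 'no match'}")
```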


