Guys,

We already have a clamav plugin that will identify if an http response body (usually a PE, DLL, ELF, PDF, DOC etc.) contains a virus or not. The other day I was thinking about how to improve this and came up with the idea of using snort rules to detect malware [0].

The idea is rather simple:
* Crawl the site (we already do that)
* Parse snort rules into regular expressions
* Create a grep plugin that will apply those regular expressions to each HTTP response body
* If a match is found, then report it to the knowledge base

What do you guys think about the idea? Anyone with snort experience to weigh in with some facts on how many false positives are found by rules like these? Anyone know about the licensing for the rules? Can we include them into our repository?

[0] https://github.com/andresriancho/w3af/issues/671

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
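A sketch of the "parse snort rules into regular expressions" and "apply them to each HTTP response body" steps from the message above, added here as an illustration; it is not w3af code and not part of the original post. The sample rule, its sid and all function names are constructed. Rules that rely on positional modifiers, negated content or Snort-specific pcre flags are skipped rather than approximated, since loosening them to a plain regex would inflate false positives.

```python
import re

SAMPLE_RULE = (  # constructed for illustration, not taken from any real ruleset
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any '
    '(msg:"EXAMPLE zero-size iframe"; flow:to_client,established; '
    'content:"<iframe"; nocase; content:"width=|22|0|22|"; nocase; '
    r'pcre:"/<iframe[^>]+height=\x220\x22/i"; sid:1000001; rev:1;)'
)

OPTION_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*(!?"(?:\\.|[^"\\])*"|[^;]*))?\s*;')
UNSUPPORTED = {'offset', 'depth', 'distance', 'within', 'byte_test', 'byte_jump'}
PCRE_FLAGS = {'i': re.I, 's': re.S, 'm': re.M, 'x': re.X}

def content_to_pattern(value):
    """Turn a quoted content string (with |hex| runs) into an escaped bytes pattern."""
    out = b''
    for i, part in enumerate(value[1:-1].split('|')):
        if i % 2:                                   # odd segments are hex bytes
            out += re.escape(bytes.fromhex(part))
        else:                                       # even segments are literal text
            out += re.escape(re.sub(r'\\(.)', r'\1', part).encode('latin-1'))
    return out

def rule_to_regexes(rule):
    """Return (msg, [compiled regexes]) or None if the rule cannot be translated safely."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    msg, patterns = '', []
    for key, value in OPTION_RE.findall(body):
        if key in UNSUPPORTED or value.startswith('!'):
            return None                             # positional/negated logic is not a plain regex
        if key == 'msg':
            msg = value[1:-1]
        elif key == 'content':
            patterns.append([content_to_pattern(value), 0])
        elif key == 'nocase' and patterns:
            patterns[-1][1] |= re.I                 # modifier applies to the preceding content
        elif key == 'pcre':
            expr, _, flags = value[1:-1][1:].rpartition('/')
            if set(flags) - set(PCRE_FLAGS):
                return None                         # Snort-only flags (U, R, B...) need HTTP buffers
            patterns.append([expr.encode('latin-1'), sum(PCRE_FLAGS[f] for f in set(flags))])
    try:
        return msg, [re.compile(p, f) for p, f in patterns]
    except re.error:
        return None                                 # PCRE construct Python's re does not support

def match_body(rule, body):
    """Return the rule's msg if every content/pcre option matches the response body."""
    parsed = rule_to_regexes(rule)
    return parsed[0] if (parsed and parsed[1] and all(r.search(body) for r in parsed[1])) else None
```

All content and pcre options of a rule must match for it to fire, which mirrors how Snort combines them; a grep plugin would call `match_body` once per rule and report the returned msg to the knowledge base.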