Friday, August 17, 2007

Sourcefire buys ClamAV

If you haven't seen this article yet, Sourcefire (the developers behind Snort) has acquired the open source anti-virus project ClamAV.

I sure didn't see this coming. I wonder if it means that a gateway security product is in the works? In any case, Sourcefire has an excellent track record with the OSS community (recent licensing issues notwithstanding), so I can only see this as a positive for ClamAV and ClamAV users.

1 comment:

Karl Tatgenhorst said...

I have done some work with this previously. I used tcpdump to capture ports 80, 25, 8080, UDP 21 and write them all to a file. I then used tcpxtract (? it's been a while) to reassemble files from those streams. The files were then scanned with ClamAV and only positives and their associated data were saved. This system logged to the same syslog server as my other data collectors and SEC would correlate that to any other alerts. It was pretty fun.
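
The capture, carve, scan and log pipeline described in the comment above, sketched as an added example; it is not the commenter's script. The interface, working directory, packet count, syslog tag `netav`, facility `local0` and all function names are assumptions.

```shell
#!/bin/sh
# Added illustration: tcpdump -> tcpxtract -> clamscan -> syslog.
# IFACE, WORK, PKTS and the "netav" tag are assumed placeholders.

IFACE=${IFACE:-eth0}            # assumed capture interface
WORK=${WORK:-/var/tmp/netav}    # assumed working directory

# Step 1: capture full packets (-s 0) on the ports named in the comment.
capture() {
    tcpdump -i "$IFACE" -s 0 -c "${PKTS:-50000}" -w "$1" \
        'tcp port 80 or tcp port 25 or tcp port 8080 or udp port 21'
}

# Reduce clamscan output to one key=value line per detection.
# clamscan prints "<path>: <signature> FOUND" for a hit, "<path>: OK" otherwise.
clam_hits() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/file=\1 sig=\2/p'
}

# Steps 2-4: carve files from the capture, scan them, keep and log positives only.
scan_capture() {
    pcap=$1
    carved=$WORK/carved
    hits=$WORK/hits
    mkdir -p "$carved" "$hits"
    tcpxtract -f "$pcap" -o "$carved"
    # --move relocates detected files into $hits; clean files are removed below.
    clamscan -r --no-summary --move="$hits" "$carved" | clam_hits |
    while IFS= read -r line; do
        # One syslog line per detection, for a correlator such as SEC to match on.
        logger -t netav -p local0.warning "$line pcap=$pcap kept_in=$hits"
    done
    rm -rf "$carved"
}

# Run the whole pipeline only when asked to: sh netav.sh --run
if [ "${1:-}" = "--run" ]; then
    mkdir -p "$WORK"
    pcap=$WORK/$(date +%Y%m%dT%H%M%S).pcap
    capture "$pcap" && scan_capture "$pcap"
fi
```

Because each detection becomes a single tagged syslog line carrying the file, signature and source capture, a correlation rule can key on the `netav` tag and join it with other sensor alerts.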