Two Questions about Bro
vern at icir.org
Mon Jul 21 23:24:26 PDT 2003
> but when I put with mt.bro and worm.bro policy files. It makes segmentation
> fault. Worm analyzer doesn't work perfect now ?
You need to provide details and, if at all possible, a test case that
reproduces the problem. You should probably send these to me privately
rather than via the mailing list, unless others on the list indicate that
they've encountered a similar problem.
> and I have one more question. I want to add another virus/worm detection
> feature to Bro. (Likes Klez or Lovegate)
It would be best to do this using Bro's new signature engine. Currently,
worm.bro is only for detecting HTTP-based worms.
> But Manual is hard for me to do that job so I'm looking for information
> that can help me. Where can I find it ?
Unfortunately, it will be just as difficult, or more so, to explain how
to do this via email as for you to learn how to do so from the manual
plus inspecting the policy scripts that come with the Bro distribution.
More information about the Bro