I'm with a doubt in snort, if someone can help me. ;)
I have snort.conf using several rules. One of this files is
virus.rules, where i only have virus signatures. =]
And this rules is working properly when a virus arrive (it detect
virus and log).
But i like that the snort didn't log only, i like that snort log and
drop (delete) the package whith mismatch with a virus signature (based
on virus.rules). :))
How to do it ??
Some idea ??
Thkz a lot.