What is Snort?

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

New to Snort?

  1. Requirements

    Before installing Snort you need to verify that you have a number of software packages installed. These are: Libpcap, PCRE, Libnet and Barnyard. Click the requirements button for more information on these packages.

  2. Downloads

    Once the platform is prepared, you need to download and install the Snort Engine. The Snort Engine can be downloaded as source code or binaries for popular operating systems. Click the downloads button for more information about the Snort Engine and how to download.

  3. Rules

    Snort requires a current ruleset to deliver the latest detection capabilities. Snort Rules are distributed separately from the engine. Click the rules button for more information on the rulesets available on Snort.org

  4. Docs

    Users have reams of documentation available, the official docs, a wide array of set-up guides and dozens of Snort books. Click the Docs button for more information on available documentation.

The Snort Blog

The VRT Blog

The ClamAV Blog

  • ClamAV needs an Intern

    The VRT is looking for an Intern to assist with the ClamAV and Razorback projects. If you ...

    Posted by Joel Esler on Apr 09, 2012

  • On-access scanning for OS X

    The ClamAuth kernel extension ...

    Posted by Joel Esler on Mar 21, 2012

  • ClamAV 0.97.4 has been released!

    ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial support for ...

    Posted by Joel Esler on Mar 19, 2012