Talos_LightSPD.tar.gz and snortrules-snapshot-31470.tar.gz

[dotgate]

Talos_LightSPD.tar.gz and snortrules-snapshot-31470.tar.gz and snortrules-snapshot-29151.tar.gz

When I download above files on windows machine they show as virus files.

Kindly help.

(source of files: https://www.snort.org/downloads)

[Patrick M. Hausen]

So your Windows AV product flags these files? How is this OPNsense related?

[someone]

When I ran antivirus on snort rules or suricata rules It would trigger virus alert
If those files havnt been tampered with they may be good, and from a good source
Some of the same parts that make a rule also triggers antivirus alert
Its not the virus itself, just parts they can grab to identify it, words, actions, etc
Snort rules will not run in suricata and vice versa, two different engines
Only a few out of 150,000 rules, not worth the effort of converting them
Unless you are trying to develop a specific rule on a specific packet flow
They take packets of the virus intrusion or whatever it is
And feed it into one of the engines to make a rule
Some of these rules that are output are not in human readable form

[dotgate]

So your Windows AV product flags these files? How is this OPNsense related?

Given that such files drive how ids and ips services in opnsense will respond to threats,

And they are updated frequently, one must make sure  protector is not the devil