<html dir="ltr"><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style>@font-face {
font-family: 宋体;
}
@font-face {
font-family: Verdana;
}
@font-face {
font-family: @宋体;
}
@page Section1 {margin: 72.0pt 90.0pt 72.0pt 90.0pt; layout-grid: 15.6pt; }
P.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
LI.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
DIV.MsoNormal {
TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
FONT-WEIGHT: normal; COLOR: windowtext; FONT-STYLE: normal; FONT-FAMILY: Verdana; TEXT-DECORATION: none
}
DIV.Section1 {
}
</style>
<meta content="MSHTML 6.00.6000.16397" name="GENERATOR">
<style title="owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
</head>
<body ocsi="x">
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">You should be able to from System.IO import Ports and then have access to the .NET SerialPort functionality. Is this not working for you or do you mean something else?</font></div>
<div dir="ltr"> </div>
<div id="divRpF373483" style="DIRECTION: ltr">
<hr tabindex="-1">
<font face="Tahoma" size="2"><b>From:</b> users-bounces@lists.ironpython.com [users-bounces@lists.ironpython.com] On Behalf Of supermeter [supermeter@163.com]<br>
<b>Sent:</b> Sunday, March 04, 2007 6:12 AM<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> Re: [IronPython] serialport<br>
</font><br>
</div>
<div></div>
<div>
<div><font face="Verdana" color="#0000ff" size="2">I hope IronPython can support Serialport Class.</font></div>
<div><font face="Verdana" size="2"></font> </div>
<div align="left">
<div align="left"><font face="Verdana" size="2">
<hr style="WIDTH: 122px; HEIGHT: 2px" size="2">
</font></div>
<div><font color="#c0c0c0"><font face="Verdana" size="2">supermeter</font></div>
<div><font face="Verdana" size="2">2007-03-04</font></font></div>
</div>
<div><font face="Verdana" size="2">
<hr>
</font></div>
<div><font face="Verdana"><font size="2"><strong>发件人:</strong> Karren Sulliver</font></font></div>
<div><font face="Verdana"><font size="2"><strong>发送时间:</strong> 2007-03-04 20:33:44</font></font></div>
<div><font face="Verdana"><font size="2"><strong>收件人:</strong> users@lists.ironpython.com</font></font></div>
<div><font face="Verdana"><font size="2"><strong>抄送:</strong> </font></font></div>
<div><font face="Verdana"><font size="2"><strong>主题:</strong> [IronPython] update</font></font></div>
<div><font face="Verdana" size="2"></font> </div>
<div><font face="Verdana" size="2">
<p><br>
Hello,</p>
<p>I would like to include a rule when another is triggered, for example:</p>
<p>If this rule is triggered:<br>
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE<br>
Malware Gator/Clarian Agent"; flow: to_server,established;<br>
uricontent:"/gbsf/gd/ne/new.net.gtrg2ze"; nocase; classtype: <br>
policy-violation; reference:url,<br>
<a href="http://www3.ca.com/securityadvisor/pest/content.aspx?q=67999" target="_blank">www3.ca.com/securityadvisor/pest/content.aspx?q=67999</a>; sid: 2001306;<br>
rev:5;)</p>
<p>I would like to also trigger this rule for n minutes/seconds:<br>
drop tcp any any -> any 80 (classtype:attempted-user; msg:"Port 80<br>
connection initiated";)</p>
<p>I've looked at the tagging option for rules but I need to drop them, not<br>
just log them.</p>
<p>Any ideas?</p>
<p> </p>
<p><a href="http://www.webservertalk.com/archive251-2005-12-1314914.html" target="_blank">http://www.webservertalk.com/archive251-2005-12-1314914.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2006-December/004607.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2006-December/004607.html</a><br>
<a href="http://www.webservertalk.com/archive251-2005-12-1309708.html" target="_blank">http://www.webservertalk.com/archive251-2005-12-1309708.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2006-December/004731.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2006-December/004731.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2004-June/000915.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2004-June/000915.html
</a><br>
<a href="http://9fans.net/archive/2005/04/4" target="_blank">http://9fans.net/archive/2005/04/4</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004203.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004203.html
</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2005-March/001764.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2005-March/001764.html</a><br>
<a href="http://www.webservertalk.com/archive251-2005-10-1221632.html" target="_blank">http://www.webservertalk.com/archive251-2005-10-1221632.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004360.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004360.html
</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004454.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2006-October/004454.html</a><br>
<a href="http://9fans.net/archive/2005/04/251" target="_blank">http://9fans.net/archive/2005/04/251
</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2007-January/004931.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2007-January/004931.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2005-March/001765.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2005-March/001765.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2007-January/004931.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2007-January/004931.html
</a><br>
<a href="http://root.cern.ch/root/roottalk/roottalk05/2994.html" target="_blank">http://root.cern.ch/root/roottalk/roottalk05/2994.html</a><br>
<a href="http://root.cern.ch/root/roottalk/roottalk05/2578.html" target="_blank">http://root.cern.ch/root/roottalk/roottalk05/2578.html
</a><br>
<a href="http://root.cern.ch/root/roottalk/roottalk04/2681.html" target="_blank">http://root.cern.ch/root/roottalk/roottalk04/2681.html</a><br>
<a href="http://9fans.net/archive/2005/04/366" target="_blank">http://9fans.net/archive/2005/04/366</a>
<br>
<a href="http://root.cern.ch/root/roottalk/roottalk05/2439.html" target="_blank">http://root.cern.ch/root/roottalk/roottalk05/2439.html</a><br>
<a href="http://root.cern.ch/root/roottalk/roottalk05/0505.html" target="_blank">http://root.cern.ch/root/roottalk/roottalk05/0505.html
</a><br>
<a href="http://sourceforge.net/mailarchive/message.php?msg_id=8539894" target="_blank">http://sourceforge.net/mailarchive/message.php?msg_id=8539894</a><br>
<a href="http://sourceforge.net/mailarchive/forum.php?thread_id=5617912&forum_id=9566" target="_blank">http://sourceforge.net/mailarchive/forum.php?thread_id=5617912&forum_id=9566</a><br>
<a href="http://lists.us.dell.com/pipermail/dkms-devel/2005-December/000417.html" target="_blank">http://lists.us.dell.com/pipermail/dkms-devel/2005-December/000417.html
</a><br>
<a href="http://lists.us.dell.com/pipermail/dkms-devel/2005-March/000309.html" target="_blank">http://lists.us.dell.com/pipermail/dkms-devel/2005-March/000309.html</a><br>
<a href="http://www.webservertalk.com/archive251-2005-10-1222482.html" target="_blank">http://www.webservertalk.com/archive251-2005-10-1222482.html</a></p>
<p>Sguil (pronounced sgweel) is built by network security analysts for<br>
network security analysts. Sguil's main component is an intuitive GUI<br>
that provides realtime events from snort/barnyard. It also includes<br>
other components which facilitate the practice of Network Security<br>
Monitoring and event driven analysis of IDS alerts. The sguil client<br>
is written in tcl/tk and can be run on any operating system that<br>
supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32). </p>
<p>Sguil version 0.6.0 contains two significant differences from previous<br>
versions. The first difference is the use of the mysql MRG_MyISAM<br>
(MERGE) engine for the sancp, event, *hdr, and data tables. With the<br>
MERGE engine, it is possible to keep hundreds of millions of rows of <br>
data active and online and still be functional (queries to the DB are<br>
reasonably responsive). The use of MERGE and the associated schema<br>
makes backing up and restoring data amazingly simple and quick. The<br>
UPGRADE text in the sguil-0.6.0/doc directory of the source contains<br>
more detail as well as upgrade instructions.</p>
<p>The second major change was to the sguil output plugin for barnyard<br>
(op_sguil) and the communications structure between the sensors and<br>
sguild. Op_sguil now uses tcl libraries and sends data via localhost<br>
to the sensor's agent. All communications between the sensor and <br>
sguild now flow thru sensor_agent. This means the mysql libraries are<br>
no longer needed on the sensors. Since barnyard does not need to be<br>
compiled with mysql support, op_sguil (barnyard) and mysql 4+ may be<br>
used together without any license conflicts. </p>
<p><br>
<a href="http://lists.us.dell.com/pipermail/dkms-devel/2005-December/000425.html" target="_blank">http://lists.us.dell.com/pipermail/dkms-devel/2005-December/000425.html</a><br>
<a href="http://lists.ibiblio.org/pipermail/cc-licenses/2005-December/003059.html" target="_blank">http://lists.ibiblio.org/pipermail/cc-licenses/2005-December/003059.html</a><br>
<a href="http://comments.gmane.org/gmane.comp.java.junit.announce/110" target="_blank">http://comments.gmane.org/gmane.comp.java.junit.announce/110</a><br>
<a href="http://9fans.net/archive/2006/08/6" target="_blank">http://9fans.net/archive/2006/08/6</a><br>
<a href="http://9fans.net/archive/2005/03/82" target="_blank">http://9fans.net/archive/2005/03/82</a><br>
<a href="http://9fans.net/archive/2006/08/146" target="_blank">http://9fans.net/archive/2006/08/146</a><br>
<a href="http://blog.gmane.org/gmane.comp.java.junit.announce" target="_blank">http://blog.gmane.org/gmane.comp.java.junit.announce</a><br>
<a href="http://9fans.net/archive/2006/05/12" target="_blank">http://9fans.net/archive/2006/05/12</a><br>
<a href="http://9fans.net/archive/2005/03/97" target="_blank">http://9fans.net/archive/2005/03/97</a><br>
<a href="http://9fans.net/archive/2006/05/131" target="_blank">http://9fans.net/archive/2006/05/131</a><br>
<a href="http://segate.sunet.se/cgi-bin/wa?A2=ind0409&L=handikapp&P=23681" target="_blank">http://segate.sunet.se/cgi-bin/wa?A2=ind0409&L=handikapp&P=23681
</a><br>
<a href="http://www.tutorials-blog.com/plan9/plan9-26.html" target="_blank">http://www.tutorials-blog.com/plan9/plan9-26.html</a><br>
<a href="http://9fans.net/archive/2006/05/255" target="_blank">http://9fans.net/archive/2006/05/255</a><br>
<a href="http://www.arcknowledge.com/gmane.comp.lang.c++.root/2004-09/threads.html" target="_blank">http://www.arcknowledge.com/gmane.comp.lang.c++.root/2004-09/threads.html</a><br>
<a href="http://www.webservertalk.com/archive251-2005-10-1236635.html" target="_blank">http://www.webservertalk.com/archive251-2005-10-1236635.html</a><br>
<a href="http://news.gmane.org/group/gmane.comp.java.junit.announce/last=/force_load=t" target="_blank">http://news.gmane.org/group/gmane.comp.java.junit.announce/last=/force_load=t</a><br>
<a href="http://9fans.net/archive/2006/05/274" target="_blank">http://9fans.net/archive/2006/05/274</a><br>
<a href="http://marc.10east.com/?l=mysap-linux-general&r=1&b=200503&w=1" target="_blank">http://marc.10east.com/?l=mysap-linux-general&r=1&b=200503&w=1</a><br>
<a href="http://www.webservertalk.com/archive251-2005-9-1188388.html" target="_blank">http://www.webservertalk.com/archive251-2005-9-1188388.html</a><br>
<a href="http://www.webservertalk.com/archive251-2004-9.html" target="_blank">http://www.webservertalk.com/archive251-2004-9.html</a><br>
<a href="http://www.webservertalk.com/archive251-2005-9-1217604.html" target="_blank">http://www.webservertalk.com/archive251-2005-9-1217604.html</a><br>
<a href="http://9fans.net/archive/2006/12/141" target="_blank">http://9fans.net/archive/2006/12/141</a></p>
<p><br>
have just patched snort 2.3.3 with ClamAV-2.3.3-1.diff and it doesn't<br>
seem to work as advertised. I have the following preprocessor line</p>
<p>preprocessor clamav: ports all !20 !22 !443, toclientonly, dbdir<br>
/var/ftp/pub/tools/clamav-devel/share/clamav/, dbreload-time 43200,<br>
file-descriptor-mode</p>
<p>I strace'd snort while downloading <a href="http://EICAR.COM" target="_blank">
EICAR.COM</a> and the klez virus from a<br>
remote HTTP server - the strace shows the daily.* files being loaded -<br>
which tells me ClamAV is being enabled - but nothing got detected. I <br>
even ran tcpdump on the same interface and can see the HTTP download -<br>
so it's definitely not a wiring issue either.</p>
<p>I can see tonnes of /tmp/snort_inline-clamav-XXXXXX files being created,<br>
opened,closed and unlinked - but no virus was detected. The summary that<br>
is outputted when snort exits shows zero alerts - and nothing shows up <br>
via the syslog or mysql output processors I use.</p>
<p> </p>
</font></div>
</div>
</body>
</html>