Project Overview

NOTE: This is a PoC that I haven’t had time to launch… but maybe one day!

The Contributor project aims to help people:

  • Learn how to analyze malware and malicious network traffic
  • Apply their skills by analyzing real-world malware
  • Write detection content for Snort and ClamAV

How it Works

  1. Project maintainers identify good entry-level malware analysis / network traffic analysis projects and advertise them in the GitHub issue tracker.

  2. Participants pick an interesting project proposal and indicate their interest in working on it in the issue comments.

  3. The maintainers assign the issue to the interested participant(s), who begin working on it using the training materials in the Knowledge Base and with help from the community via the Contributor Slack space (instructions on joining can be found on the Getting Started page).

  4. Participants submit their findings and detection content for review.

  5. Upon successful review, the detection content is published in the Snort / ClamAV community rulesets, and participants add their names to the Hall of Fame.

Current Status

This project is still being launched, but we hope to enter alpha testing soon. Once we’ve conducted alpha testing with a handful of individuals contributing through the project, we plan to advertise the project and solicit more participants.

Future Plans

This project would also lend itself nicely to advertising meaningful Snort and ClamAV software development projects for interested individuals to work on. If this is something you are interested in, let us know!

Frequently Asked Questions

What is Snort?

Snort is an open-source network intrusion detection and prevention system (IDS/IPS). It inspects network traffic in real time and matches it against a rule language that describes protocol fields, packet content and traffic patterns, alerting on (or, in inline mode, blocking) traffic that matches. The community ruleset is written and maintained by contributors, which is where this project's participants come in.

(TODO: add how many users it has)

What is ClamAV?

ClamAV is an open-source anti-virus engine. It scans files against a database of signatures (hash-based, byte-pattern and logical signatures, among others) and is commonly deployed on mail gateways, file servers and web proxies to detect trojans, viruses and other malware before it reaches end users. As with Snort, the signature database is community-contributed.

(TODO: add how many users it has, common uses, and maybe who uses it)

Why was this program created?

From recvfrom:

By my senior year in college I had developed a good foundation of technical skills and had a strong desire to contribute to open source projects, but I didn’t know where to start. Specifically, I didn’t know:

  • How I could contribute (what needed to be done)
  • What I’d need to learn to be capable of contributing
  • The workflow for contributing to a given project

Fortunately, a distinguished engineer from Cisco came to my university looking for students interested in contributing to Wireshark. He did a lot of work with the IETF and knew of some recently standardized network protocols lacking Wireshark dissectors. Also, from contributing to Wireshark in the past he knew the processes for getting code changes into the project. He gave us some basic presentations on the network protocols, the Wireshark dissector API, the coding standards, and the Wireshark patch submission workflow, and then divided us into teams to write the dissectors. Through this effort I was able to make my first contribution to the open source community, something I was very proud of and which wouldn’t have happened without the guidance and mentorship I received.

This project aims to replicate that with a focus on contributing open source detection content for Snort and ClamAV.

Why should I participate?

  • Snort and ClamAV are well-known open source projects, and listing contributions to them will look great on your resume. Also, having made contributions like this demonstrates that you are smart and get things done.

  • Snort and ClamAV are used by millions of people worldwide, so your contributions will have a large impact.

  • Many organizations write custom Snort and/or ClamAV detection content in-house, so knowing how to write it is a marketable skill.