Hello, all! Just wanted to tell everyone about a project I've been working on as well as seek a little help from the public. I've been trying to tweak a system that uses snort to find infected machines on our network. Currently we have 3 Snort machines monitoring various segments of our network. Things seem to be working well. The biggest problem is creating rules that can help track various viruses. Does anyone have any tricks regarding rule writing? Anyone have rules that are effective in finding infected machines? Any help would be appreciated!