How to detect a malware which is fragmented across multiple packets

How to detect a malware which is fragmented across multiple packets

How can we detect a malware which is fragmented across many packets , do we have to do some prefix /suffix matching kind of approach? Does tools like snort,Suricata support this ?