Snort mailing list archives
ClamAV patch against 2.3.0RC2
From: Will Metcalf <william.metcalf () gmail com>
Date: Thu, 30 Dec 2004 15:29:09 -0600
I have created a diff for the clamav preproc against 2.3.0RC2. The only new feature Victor Julien and I added was a dbreload-time as an argument to clamav via snort.conf. This way we don't have to SIGHUP snort if we update the clamav virus database. We also made a small change to configure.in to deal with the 0.80 API. You may have to run autoreconf -f to get configure to pick up the changes made to configure.in.
From snort.conf......
# ClamAV virusscanning preprocessor
#
# This preprocessor will scan the data in the packets for viruses.
# See README.clamav for details and limitations.
#
# Available options (comma delimited):
#
# ports: a space delimited list of ports that will be scanned.
#   all: all ports
#   n  : single port to be scanned
#   !n : not scan port n (to be used with 'all')
#
# toclientonly: scan only the traffic to the client (tcp only)
# toserveronly: scan only the traffic to the server (tcp only)
#
# action-drop : drop the infected packet (snort_inline only)
# action-reset: reset the connection (snort_inline only)
#
# dbdir: path to the clamav definitions directory.
#
# dbreload-time: Amount of time in seconds to wait before checking the db for new virus sigs
#
# Example:
# preprocessor clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200
#

Download:
https://sourceforge.net/tracker/index.php?func=detail&aid=1093478&group_id=78497&atid=553469

MD5SUM: 8c61230c12469ddf0d2cc6422d912e56

Regards,
Will
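The option syntax documented in the snort.conf excerpt above can be checked before Snort is restarted. The following is an added example, not code from the patch or from Snort: a small Python linter whose function names (`parse_clamav`, `port_scanned`, `lint`) are hypothetical and which models only what the option comments state, so behaviour when `ports` is omitted is not covered.

```python
FLAGS = {"toclientonly", "toserveronly", "action-drop", "action-reset"}

def _port(tok):
    n = int(tok)  # raises ValueError on empty or non-numeric tokens
    if not 0 < n < 65536:
        raise ValueError(f"port out of range: {tok}")
    return n

def parse_clamav(line):
    """Parse a 'preprocessor clamav: ...' line (comma delimited options)."""
    head, _, args = line.partition(":")
    if head.split() != ["preprocessor", "clamav"]:
        raise ValueError("not a clamav preprocessor line")
    cfg = {"all": False, "include": set(), "exclude": set(),
           "flags": set(), "dbdir": None, "dbreload_time": None}
    for opt in filter(None, (o.strip() for o in args.split(","))):
        key, *vals = opt.split()
        if key == "ports" and vals:
            for v in vals:  # space delimited: all, n, !n
                if v == "all":
                    cfg["all"] = True
                elif v.startswith("!"):
                    cfg["exclude"].add(_port(v[1:]))
                else:
                    cfg["include"].add(_port(v))
        elif key in FLAGS and not vals:
            cfg["flags"].add(key)
        elif key == "dbdir" and len(vals) == 1:
            cfg["dbdir"] = vals[0]
        elif key == "dbreload-time" and len(vals) == 1 and vals[0].isdigit():
            cfg["dbreload_time"] = int(vals[0])  # seconds
        else:
            raise ValueError(f"unrecognised or malformed option: {opt!r}")
    return cfg

def port_scanned(cfg, port):
    """True if the documented port rules select this port for scanning."""
    return port not in cfg["exclude"] and (cfg["all"] or port in cfg["include"])

def lint(cfg):
    """Return warnings derived from the notes in the option comments."""
    warnings = []
    if cfg["exclude"] and not cfg["all"]:
        warnings.append("'!n' exclusions are documented for use with 'all'")
    if cfg["flags"] & {"action-drop", "action-reset"}:
        warnings.append("action-* options apply to snort_inline only")
    if cfg["dbreload_time"] is None:
        warnings.append("no dbreload-time: per the post, db updates need a SIGHUP")
    return warnings

# The example line from the snort.conf excerpt in the post
EXAMPLE = ("preprocessor clamav: ports all !22 !443, toclientonly, "
           "dbdir /usr/share/clamav, dbreload-time 43200")
```
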