Snort mailing list archives

Re: Integrating ClamAv into Snort


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 12 Feb 2013 11:23:43 -0700

What you are looking for is something like RazorBack, or possibly BroIDS.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Tuesday, February 12, 2013 10:01 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Integrating ClamAv into Snort

On 2/12/2013 11:48, Ayodele Okeowo wrote:
folks,

Has anyone successfully integrated or used ClamAv with Snort? If yes, 
could you please share how, and what documentation to read to be able to implement this?

for what reason? if you are thinking about scanning files that users transfer, then you want to include additional 
packages alongside of your snort... these would perform full packet capture and then offer slicing out the files for 
analysis...

snort needs to sniff and sniff only... it doesn't need to worry about things like scanning for viruses or even trying 
to log to a database... these things slow snort down and traffic is lost or otherwise not analyzed... that's not a 
GoodThing<tm>... leave these tasks to other apps to handle ;)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
