Snort mailing list archives
Re: Integrating ClamAv into Snort
From: Ayodele Okeowo <aymacro () gmail com>
Date: Tue, 12 Feb 2013 13:24:51 -0500
Waldo,

Thanks for clarifying that. I know Snort should be left alone which is why I'm using Squid with an Integrated ClamAv function to take care of that part. Just wanted to know if what I'm thinking is correct and which you have confirmed.

Thanks again.

Ayo

On Tue, Feb 12, 2013 at 1:00 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 2/12/2013 11:48, Ayodele Okeowo wrote:
>> folks,
>> Has anyone successfully integrated or used ClamAv with Snort? If yes, please could you share how and what documentation to read to be able to implement this?
>
> for what reason? if you are thinking about scanning files that users transfer, then you want to include additional packages along side of your snort... these would perform full packet capture and then offer slicing out the files for analysis...
>
> snort needs to sniff and sniff only... it doesn't need to worry about things like scanning for viruses or even trying to log to a database... these things slow snort down and traffic is lost or otherwise not analyzed... that's not a GoodThing<tm>... leave these tasks to other apps to handle ;)
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!