Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Blocking virus with snort inline 2.6.1.5

From: carlopmart <carlopmart () gmail com>
Date: Sun, 23 Sep 2007 00:21:44 +0200
Hi all,

  After setting up and solve my problems (thanks to all) with snort 
inline version 2.6.1.5, I will try to do some tests for block virus 
across http service.

  I put this line on snort.conf:

  preprocessor clamav: ports all !22 !443, toclientonly, action-drop, 
dbdir /var/clamav, dbreload-time 43200

  before preprocessor http_inspect. My iptables rule to pass control to 
snort inline is:

iptables -A FORWARD -i br0 -p 0 -m state --state NEW -j QUEUE

  I have try to block eicar virus 
(http://www.eicar.org/download/eicar.com) without luck.

  What am I doing wrong???

  Many thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: