Snort mailing list archives
Blocking virus with snort inline 2.6.1.5
From: carlopmart <carlopmart () gmail com>
Date: Sun, 23 Sep 2007 00:21:44 +0200
Hi all,

After setting up and solving my problems (thanks to all) with snort inline version 2.6.1.5, I will try to do some tests to block viruses across the http service. I put this line in snort.conf:

    preprocessor clamav: ports all !22 !443, toclientonly, action-drop, dbdir /var/clamav, dbreload-time 43200

before preprocessor http_inspect. My iptables rule to pass control to snort inline is:

    iptables -A FORWARD -i br0 -p 0 -m state --state NEW -j QUEUE

I have tried to block the eicar virus (http://www.eicar.org/download/eicar.com) without luck. What am I doing wrong?

Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com
Current thread:
- Blocking virus with snort inline 2.6.1.5 carlopmart (Sep 22)
- Re: Blocking virus with snort inline 2.6.1.5 Will Metcalf (Sep 22)
- Re: Blocking virus with snort inline 2.6.1.5 carlopmart (Sep 23)
- Re: Blocking virus with snort inline 2.6.1.5 carlopmart (Sep 24)
- Re: Blocking virus with snort inline 2.6.1.5 Joel Esler (Sep 24)
- Re: Blocking virus with snort inline 2.6.1.5 Will Metcalf (Sep 24)
- Re: Blocking virus with snort inline 2.6.1.5 carlopmart (Sep 24)
- Re: Blocking virus with snort inline 2.6.1.5 (more info) carlopmart (Sep 24)
- Re: Blocking virus with snort inline 2.6.1.5 carlopmart (Sep 23)
- Re: Blocking virus with snort inline 2.6.1.5 Will Metcalf (Sep 22)