Snort mailing list archives

ClamAV patch against 2.3.0RC2


From: Will Metcalf <william.metcalf () gmail com>
Date: Thu, 30 Dec 2004 15:29:09 -0600

I have created a diff for the clamav preproc against 2.3.0RC2.  The
only new feature Victor Julien and I added was a dbreload-time as an
argument to clamav via snort.conf.  This way we don't have to sighup
snort if we update the clamav virus database.  We also made a small
change to configure.in to deal with the 0.80 API. You may have to run
autoreconf -f to get configure to pick up the changes made to
configure.in.

From snort.conf......

# ClamAV virus scanning preprocessor
#
# This preprocessor will scan the data in the packets for viruses.
# See README.clamav for details and limitations.
#
# Available options (comma delimited):
#
#   ports: a space delimited list of ports that will be scanned.
#     all: all ports
#     n  : single port to be scanned
#     !n : not scan port n (to be used with 'all')
#
#   toclientonly: scan only the traffic to the client (tcp only)
#   toserveronly: scan only the traffic to the server (tcp only)
#
#   action-drop : drop the infected packet (snort_inline only)
#   action-reset: reset the connection (snort_inline only)
#
#   dbdir: path to the clamav definitions directory.
#
#   dbreload-time: Amount of time in seconds to wait before checking the db for new virus sigs
#
# Example:
# preprocessor clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200
#

Download:

https://sourceforge.net/tracker/index.php?func=detail&aid=1093478&group_id=78497&atid=553469

MD5SUM:

8c61230c12469ddf0d2cc6422d912e56

Regards,

Will
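
Added example (not part of the original post or the patch): a C parser for the comma-delimited preprocessor arguments shown in the snort.conf excerpt above, including the dbreload-time value, with strict numeric validation. The struct, the function names and the choice to reject unknown options are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Added example: struct and function names are hypothetical, not the patch's. */
struct clamav_conf {
    unsigned char ports[65536];   /* 1 = scan traffic on this port */
    int toclientonly, toserveronly, action_drop, action_reset;
    char dbdir[512];
    long dbreload_time;           /* seconds between database checks */
};

static int parse_ports(char *p, struct clamav_conf *c)
{
    for (p += strspn(p, " "); *p; p += strspn(p, " ")) {  /* all, n, !n */
        char *end, *tok = p;
        p += strcspn(p, " ");
        if (*p) *p++ = '\0';
        if (!strcmp(tok, "all")) { memset(c->ports, 1, sizeof c->ports); continue; }
        int neg = (*tok == '!');
        long n = strtol(tok + neg, &end, 10);
        if (end == tok + neg || *end || n < 0 || n > 65535) return -1;
        c->ports[n] = !neg;       /* later tokens override earlier ones */
    }
    return 0;
}

/* Parse the comma-delimited argument string; 0 on success, -1 on bad input. */
int parse_clamav_args(const char *args, struct clamav_conf *c)
{
    char buf[512], *opt, *next, *end;
    memset(c, 0, sizeof *c);
    if (strlen(args) >= sizeof buf) return -1;
    strcpy(buf, args);
    for (opt = buf; opt; opt = next) {
        if ((next = strchr(opt, ',')) != NULL) *next++ = '\0';
        opt += strspn(opt, " ");                  /* trim left, then right */
        for (end = opt + strlen(opt); end > opt && end[-1] == ' ';) *--end = '\0';
        if (!strncmp(opt, "ports ", 6)) { if (parse_ports(opt + 6, c)) return -1; }
        else if (!strncmp(opt, "dbdir ", 6)) strcpy(c->dbdir, opt + 6);
        else if (!strncmp(opt, "dbreload-time ", 14)) {
            c->dbreload_time = strtol(opt + 14, &end, 10);
            if (end == opt + 14 || *end || c->dbreload_time < 0) return -1;
        } else if (!strcmp(opt, "toclientonly")) c->toclientonly = 1;
        else if (!strcmp(opt, "toserveronly")) c->toserveronly = 1;
        else if (!strcmp(opt, "action-drop")) c->action_drop = 1;
        else if (!strcmp(opt, "action-reset")) c->action_reset = 1;
        else return -1;           /* unknown option: reject the whole line */
    }
    return 0;
}
```

Rejecting a malformed dbreload-time at load time means a typo cannot silently leave the preprocessor running with a signature database that is never re-checked.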

