Snort mailing list archives

Re: clamav preprocessor unknown?


From: Will Metcalf <william.metcalf () gmail com>
Date: Tue, 9 Nov 2004 06:55:48 -0600

Tristan,

Try the following:
make clean
autoreconf -f
./configure --enable-clamav

When you run make, you should see a -DCLAMAV flag passed to the
compiler.  Everything else looks good.

Regards,

Will


On Tue, 09 Nov 2004 12:06:05 +0100, Tristan Krakau (ci-Tec)
<tristan.krakau () ci-tec de> wrote:
Hi there,

I just installed snort-inline on a Debian Sarge machine from source
(2.2.0) and it seemed to be ok. I also used the
./configure --enable-clamav
option, since I have clamav installed (but clamd is not running, I do
the clamscan calls manually). There was also no problem with
configure/make and running snort_inline.

But when I try to activate the clamav-preprocessor in snort_inline.conf:

       preprocessor clamav: ports all !22 !443, action-drop

I cannot run snort_inline anymore because of this error:

       ERROR:  unknown preprocessor "xav"
       Fatal Error, Quitting..

It is also really strange that the preprocessor is named "xav" here,
although it is "clamav" in the .conf - but it works when I remove the
clamav line from .conf, so this surely means "clamav".

Is the preprocessor not included in the snort-inline-2.2.0 source and I
have to add it myself? But the README.clamav and the example lines in
the .conf file were also included, so I think the preprocessor should be
there.

Or does it depend on the clamd daemon running?

Thanks for your help!

Tristan

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




