Snort mailing list archives
Re: ClamAV + Snort
From: Xavier Cabrera <xavierc () devilcrack org>
Date: Wed, 04 May 2005 16:02:18 -0500
autoreconf -f its done... ClamAV-2.3.2-2.diff ..... with snort-2.3.3........ i have already patched... [root@aeroservice snort-2.3.3]# patch -p1 < ClamAV-2.3.2-2.diff patching file configure.in Reversed (or previously applied) patch detected! Assume -R? [n] I'm a little dummy.... but i can use this patch whit snort-2.3.3? :-( Thanks for your help.. Xavier C. [root@% snort-2.3.3]# ./configure --help ...... Optional Features:--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]--enable-64bit-gcc Try to compile 64bit (only tested on Sparc Solaris 9).
--disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors--enable-debug enable debugging options (bugreports and developers only)
--enable-profile enable profiling options (developers only) --enable-sourcefire Enable Sourcefire specific build options --enable-perfmonitor Enable perfmonitor preprocessor --enable-linux-smp-stats Enable statistics reporting through proc --enable-inline Use the libipq interface for inline snort --enable-ipfw Enable ipfw Divert mode for use with inline --enable-flexresp Flexible Responses on hostile connection attempts --enable-clamav Enable the clamav preprocessor Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-libpcap-includes=DIR libpcap include directory --with-libpcap-libraries=DIR libpcap library directory --with-libpcre-includes=DIR libpcre include directory --with-libpcre-libraries=DIR libpcre library directory --with-libnet-includes=DIR libnet include directory --with-libnet-libraries=DIR libnet library directory --with-mysql=DIR support for mysql --with-odbc=DIR support for odbc --with-postgresql=DIR support for postgresql --with-oracle=DIR support for oracle --with-libipq-includes=DIR libipq include directory --with-libipq-libraries=DIR libipq library directory --with-clamav-includes=DIR clamav include directory --with-clamav-defdir=DIR clamav virusdefinitions directory ................................... Will Metcalf wrote:
Xavier,autoreconf -frerun ./configure with your options make && make install What version of the patch are you using????? Regards, Will On 5/4/05, Xavier Cabrera <xavierc () devilcrack org> wrote:I recently compile snort whit Clam AV support, but i can make the think going to work... I compile whit the following options ./configure --enable-sourcefire --enable-flexresp --enable-inline --enable-debug --enable-perfmonitor --enable-clamav --with-clamav-includes=/usr/local/lib --with-clamav-defdir=/var/lib/clamav --with-mysql I install clamav from source 0.84 whitout problems... Snort compile whitout problems too... And the compilation of snort search for libclamav.so.1. so i made a ln -s /usr/local/lib/libclamav.so.1 /usr/lib/libclamav.so.1............ the think its goin to work.!! ............ but later in the next second apear in log: ERROR: unknown preprocessor "clamav" :-( :-( :-( :-( :-( :-( :-( :-( :-( :-( :-( My parameter in snort.conf its: preprocessor clamav: ports all !25 !443 !22 Anyone have a manual for install snort-inline + clamav ? This can be related to iptables? Thanks for any help Xavier C. ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- remote snort sensor Raynaud, Francois (May 04)
- Re: remote snort sensor Xavier Cabrera (May 04)
- <Possible follow-ups>
- RE: remote snort sensor Raynaud, Francois (May 04)
- ClamAV + Snort Xavier Cabrera (May 04)
- ClamAV + Snort Xavier Cabrera (May 04)
- Message not available
- Re: ClamAV + Snort Xavier Cabrera (May 04)
- Message not available
- Re: ClamAV + Snort Xavier Cabrera (May 04)
- ClamAV + Snort Xavier Cabrera (May 04)