From: <ka...@ez...> - 2004-12-29 20:11:57
On Wed, 29 Dec 2004 14:02:21 -0600 Will Metcalf <wil...@gm...> wrote:
>> With snort 2.3RC2, I thought it had the snort_inline code
>> rolled in. Therefore I would assume clamav support.
>> However, no matter what I can get it to build with clamav.
>> On the same system, snort_inline 2.2.0a builds with clamav
>> and works flawlessly.
>
> They decided they didn't want the clamav stuff in normal snort. I'll
> release a patch this weekend for clamav only against 2.3.0. As soon
> as Victor and I can find enough time to finish up snort_inline-2.3.0 we
> will release it with clamav+stickydrop+stream4inline. Unfortunately
> Victor and I both have full-time jobs and while we would like to work
> on snort_inline all the time, there just aren't enough hours in a
> day.
>
>
> Yeah that should work fine.

It works fine this way and I added the suggested log change to spp_clamav to get it to use the mysql stream/log since it does not require a lot of speed. Even over stunnel, the alerts are coming nicely -- and we just put in another 4 of these things.... Great tool!!!!

BTW - if you need additional testers - let me know.

Kat