From: Will M. <wil...@gm...> - 2005-04-17 23:03:25
List,

Well here you go, this is a ClamAV patch against 2.3.2. Victor and I added support for file descriptor scanning in this release so give it a shot and let us know.

I promise at some point we will get a new release out, Victor and I are both very busy right now. I'll post this diff on our sourceforge page, but it appears as if they are having problems with their site. I'll send the actual diff in a separate e-mail, the md5sum for that file is at the bottom of this message.

From the 2.3.2 snort_inline.conf

# ClamAV virusscanning preprocessor
#
# This preprocessor will scan the data in the packets for virusses.
# See README.clamav for details and limitations.
#
# Available options (comma delimited):
#
# ports: a space delimited list of ports that will be scanned.
# all: all ports
# n : single port to be scanned
# !n : not scan port n (to be used with 'all'
#
# toclientonly: scan only the traffic to the client (tcp only)
# toserveronly: scan only the traffic to the server (tcp only)
#
# action-drop : drop the infected packet (snort_inline only)
# action-reset: reset the connection (snort_inline only)
#
# dbdir: path to the clamav definitions directory.
#
# dbreload-time: time in seconds to refresh the read of the AV signatures
#
# file-descriptor-mode: writes packetbuffer to a temp file for scanning we suggest you use tmpfs for this *Experimental*
#
# descriptor-temp-dir: used only in conjunction with file-descriptor-mode sets the directory where we write the packet
# buffer for scanning of viri. Defaults to /tmp once again MOUNT a tmpfs file system as not to kill performance.
#
# Example:
# preprocessor clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200, file-descriptor-mode
#

md5sum of the file is 3931b99d27a45a8002f8ed610e481163

Regards,
Will
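
The option list above, worked through as an added example (not code from the patch or from snort_inline): a small checker that parses a `preprocessor clamav:` line, applies the `all` / `n` / `!n` port rules, and reports when file-descriptor-mode would write its packet buffers to a directory that is not on tmpfs. The function names, the `descriptor-temp-dir <path>` value syntax (modelled on `dbdir`) and the sample mount table are assumptions.

```python
# Added example, not part of the patch. EXAMPLE is the line quoted in the message;
# SAMPLE_MOUNTS is constructed /proc/mounts content where /tmp is on the root disk.
import os
EXAMPLE = ("preprocessor clamav: ports all !22 !443, toclientonly, "
           "dbdir /usr/share/clamav, dbreload-time 43200, file-descriptor-mode")
SAMPLE_MOUNTS = "/dev/sda1 / ext3 rw 0 0\nproc /proc proc rw 0 0\n"
FLAGS = {"toclientonly", "toserveronly", "action-drop", "action-reset",
         "file-descriptor-mode"}
VALUED = {"ports", "dbdir", "dbreload-time", "descriptor-temp-dir"}

def parse_clamav_line(line):
    """Split the comma-delimited options into a dict (flags map to True)."""
    head, _, body = line.partition(":")
    if head.split() != ["preprocessor", "clamav"]:
        raise ValueError("not a clamav preprocessor line")
    opts = {}
    for item in filter(None, (p.strip() for p in body.split(","))):
        name, _, value = item.partition(" ")
        if name in FLAGS and not value:
            opts[name] = True
        elif name in VALUED and value.strip():
            opts[name] = value.strip()  # "name value" form assumed from dbdir
        else:
            raise ValueError(f"bad option: {item!r}")
    return opts

def port_scanned(opts, port):
    """'!n' excludes, then 'all' or 'n' includes; no ports option: assume none."""
    tokens = opts.get("ports", "").split()
    return f"!{port}" not in tokens and ("all" in tokens or str(port) in tokens)

def fs_type(path, mounts_text):
    """Filesystem type of the longest mount point that contains path."""
    best, kind = "", None
    for fields in (row.split() for row in mounts_text.splitlines()):
        if len(fields) < 3:
            continue
        mp = fields[1].rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) > len(best):
            best, kind = mp, fields[2]
    return kind

def lint(opts, mounts_text):
    """Warn about the file-descriptor-mode settings the message calls out."""
    if not opts.get("file-descriptor-mode"):
        return (["descriptor-temp-dir set without file-descriptor-mode"]
                if "descriptor-temp-dir" in opts else [])
    tmp = os.path.normpath(opts.get("descriptor-temp-dir", "/tmp"))
    return [] if fs_type(tmp, mounts_text) == "tmpfs" else [f"{tmp} is not on tmpfs"]
```

On a live sensor, pass the contents of /proc/mounts as `mounts_text`.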