From: Will M. <wil...@gm...> - 2004-12-30 21:31:11
I have created a diff for the clamav preproc against 2.3.0RC2. The only new feature Victor Julien and I added was a dbreload-time as an argument to clamav via snort.conf. This way we don't have to sighup snort if we update the clamav viri database. We also made a small change to configure.in to deal with the 0.80 API. You may have to run autoreconf -f to get configure to pick up the changes made to configure.in.

From snort.conf......

# ClamAV virus-scanning preprocessor
#
# This preprocessor will scan the data in the packets for viruses.
# See README.clamav for details and limitations.
#
# Available options (comma delimited):
#
# ports: a space delimited list of ports that will be scanned.
#   all: all ports
#   n  : single port to be scanned
#   !n : not scan port n (to be used with 'all')
#
# toclientonly: scan only the traffic to the client (tcp only)
# toserveronly: scan only the traffic to the server (tcp only)
#
# action-drop : drop the infected packet (snort_inline only)
# action-reset: reset the connection (snort_inline only)
#
# dbdir: path to the clamav definitions directory.
#
# dbreload-time: Amount of time in seconds to wait before checking the db for new virus sigs
#
# Example:
# preprocessor clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200
#

Download: https://sourceforge.net/tracker/index.php?func=detail&aid=1093478&group_id=78497&atid=553469

MD5SUM: 8c61230c12469ddf0d2cc6422d912e56

Regards,
Will
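
The option line documented in the snort.conf excerpt above, parsed and validated in C. This is an added example, not code from the patch or from Snort: struct clamav_opts, next_tok and parse_clamav_opts are hypothetical names, and applying the port tokens left to right is an assumption.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical holder for the documented options (not Snort's own struct). */
struct clamav_opts {
    unsigned char scan[65536];          /* scan[p] != 0: port p is scanned */
    int toclient, toserver, drop, reset;
    char dbdir[256];
    long dbreload;                      /* seconds between db checks, 0 = unset */
};
/* Return the next token in *p split on delim, or NULL; NUL-terminates in place. */
static char *next_tok(char **p, const char *delim)
{
    char *s = *p + strspn(*p, delim);   /* skip leading delimiters */
    if (*s == '\0') return NULL;
    *p = s + strcspn(s, delim);
    if (**p) *(*p)++ = '\0';
    return s;
}

/* Parse "opt, opt value, ..."; returns 0 on success, -1 on any invalid input. */
int parse_clamav_opts(const char *args, struct clamav_opts *o)
{
    char buf[512], *rest = buf, *opt, *key, *val, *end;
    memset(o, 0, sizeof(*o));
    if (strlen(args) >= sizeof(buf)) return -1;
    strcpy(buf, args);
    while ((opt = next_tok(&rest, ",")) != NULL) {
        if ((key = next_tok(&opt, " \t")) == NULL) continue;
        if (strcmp(key, "ports") == 0) {
            while ((val = next_tok(&opt, " \t")) != NULL) {  /* left to right */
                int neg = (*val == '!');
                if (strcmp(val, "all") == 0) { memset(o->scan, 1, sizeof(o->scan)); continue; }
                long p = strtol(val + neg, &end, 10);
                if (end == val + neg || *end || p < 1 || p > 65535) return -1;
                o->scan[p] = !neg;
            }
        } else if (strcmp(key, "toclientonly") == 0) o->toclient = 1;
        else if (strcmp(key, "toserveronly") == 0) o->toserver = 1;
        else if (strcmp(key, "action-drop") == 0) o->drop = 1;
        else if (strcmp(key, "action-reset") == 0) o->reset = 1;
        else if (strcmp(key, "dbdir") == 0) {
            if (!(val = next_tok(&opt, " \t")) || strlen(val) >= sizeof(o->dbdir)) return -1;
            strcpy(o->dbdir, val);
        } else if (strcmp(key, "dbreload-time") == 0) {
            if (!(val = next_tok(&opt, " \t"))) return -1;
            if ((o->dbreload = strtol(val, &end, 10)) <= 0 || *end) return -1;
        } else return -1;               /* reject unknown option names */
    }
    return (o->toclient && o->toserver) ? -1 : 0;  /* directions are exclusive */
}
```

Rejecting unknown keys and non-numeric or non-positive dbreload-time values at startup keeps a typo in snort.conf from silently leaving ports unscanned or the signature reload disabled.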