Menu
▾
▴
Re: [Snort-inline-users] correcting snort_inline blocking ?
|
From: Dino D. <dra...@gf...> - 2005-01-19 10:08:20
|
You have to configure clamav preprocessor in your config. Default action is writing to alert file. To block virus traffic you have to use action-drop or action-reset. preprocessor clamav: ports all !443 !22, action-reset Regards, ~~~ Dino Dragovic, system administrator Gradevinski fakultet Osijek // Faculty of Civil Engineering dra...@gf... www.gfos.hr ----- Original Message ----- From: <tha...@gb...> To: <sno...@li...> Sent: Wednesday, January 19, 2005 7:55 AM Subject: [Snort-inline-users] correcting snort_inline blocking ? > my snort_inline box is working by capture every anomally traffic ex. > virus, exploit ... etc. > > but when i was try to download virus from outside, it alert only but not > block that virus. so where should i check or have a look in order to let > my snort_inline box block all virus traffics ? > > Regards, > Thanasin > > > > ------------------------------------------------------- > The SF.Net email is sponsored by: Beat the post-holiday blues > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users |
