From: Will M. <wil...@gm...> - 2005-02-28 05:02:30
Hmmm does it work ok if you don't --enable-clamav? Regards, Will On Sun, 27 Feb 2005 18:29:42 -0500, Christopher Black <bla...@um...> wrote: > Excellent information, thank you. >=20 > Using snort_inline-2.2.0a and ClamAV 0.8.3, snort_inline crashes > immediately on boot with this error: >=20 > rcmdsh: unknown user: =EF=BF=BD=EF=BF=BD=EF=BF=BD$=EF=BF=BDPj=04V=EF=BF= =BDs=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD F=EF=BF=BD=EF=BF=BDX > Bus error (core dumped) > localhost# Feb 27 18:20:42 localhost /kernel: pid 86955 (snort_inline), > uid 0: exited on signal 10 (core dumped) >=20 > gdb says: > (gdb) core-file snort_inline.core > Core was generated by `snort_inline'. > Program terminated with signal 10, Bus error. > #0 0x281cb2b0 in ?? () > (gdb) >=20 > Any ideas? >=20 > Thanks! >=20 > Chris >=20 > Will Metcalf wrote: > >>1) Is ClamAV enabled in a default build of snort_inline? > > > > > > The code is there, but by default it is disabled. To enable > > ./configure --enable-clamav > > > > > >>2) How are snort_inline and ClamAV interconnected? ie: is it possible > >>to upgrade the ClamAV engine without affecting snort_inline? > > > > > > libclamav, you can upgrade as long as you are going from 0.8x to 0.8y > > or 0.7x to 0.7y you need to rebuild if you go from 0.7x to 0.8x > > > > > >>3) In snort_inline 2.2.0a, how are the virus and IDS signature database= s > >>re-read after a change? (Send a SIGHUP, restart, etc) > > > > > > SIGHUP or a restart. This is manual, in 2.3.0 you can specify an > > interval at which to reread the AV database. You still have to SIGHUP > > snort update the signatures. > > > > Regards, > > > > Will > > > > On Sat, 26 Feb 2005 17:55:11 -0500, Christopher Black > > <bla...@um...> wrote: > > > >>Hi all, I have some basic questions about ClamAV support. > >> > >>1) Is ClamAV enabled in a default build of snort_inline? > >>2) How are snort_inline and ClamAV interconnected? 
ie: is it possible > >>to upgrade the ClamAV engine without affecting snort_inline? > >>3) In snort_inline 2.2.0a, how are the virus and IDS signature database= s > >>re-read after a change? (Send a SIGHUP, restart, etc) > >> > >>Thanks! > >> > >>Chris > >> > >> > >> >=20 > -- >=20 >=20 > |