From: Richard C. <ric...@gm...> - 2005-03-09 03:45:17
I have also had this issue. I have the following line in my snort_inline.conf:

    preprocessor clamav: ports all !22 !443, dbdir /var/lib/clamav, dbreload-time 43200

This line is before my http_inspect preprocessor. I keep the files in /var/lib/clamav up to date with freshclam running in daemon mode. I try "wget http://eicar.com/download/eicar.com" while snort is running and the download is successful every time.

Thanks,
Rich Compton

On Mon, 7 Mar 2005 20:38:48 -0600, Will Metcalf <wil...@gm...> wrote:
> Nick, any ideas? The patch is against snort-2.3.0.
>
> Regards,
>
> Will
>
> On Tue, 8 Mar 2005 10:28:24 +0800, alfa <al...@ia...> wrote:
> >
> > Hi,
> >
> > I am a newbie. I just installed snort_inline with support for ipfw and clamav
> > on FreeBSD 4.10. It seems to be running well, but when I try to download the eicar
> > test file, it passes through.
> >
> > Listed below are my ipfw rules:
> >
> > 00050 298848 156441501 divert 8668 ip from any to any via fxp0
> > 00060    376     52493 divert 7500 ip from any to any
> > 00100     68      3400 allow ip from any to any via lo0
> > 00200      0         0 deny ip from any to 127.0.0.0/8
> > 00300      0         0 deny ip from 127.0.0.0/8 to any
> > 65000 585828 313867668 allow ip from any to any
> > 65535      0         0 allow ip from any to any
> >
> > and I then started snort_inline
> > (snort_inline -J 7500 -D -c /etc/snort_inline/etc/snort_inline.conf).
> >
> > Attached are my snort_inline config file and startup messages.
> >
> > BTW, what is snort_inline-2.3.0-RC1.diff used for? When I patched
> > snort_inline with this file I could not compile.
> >
> > Thanks/Alfa