From: Nick R. <ni...@ro...> - 2005-03-11 19:41:27
On Tue, 8 Mar 2005, alfa wrote:

> Hi,
>
> I am a newbie, I just installed snort_inline with support of ipfw and
> clamav on FreeBSD 4.10. It seems to be running well, but when I try to
> download the eicar testfile, it passes through.

Is snort_inline even seeing the traffic? Write a log rule for that piece of traffic so snort_inline logs it. Also, you can write an ipfw log rule between rule #60 -> #65000 to see if it is passing through snort_inline or not. I haven't played with ClamAV much so I will investigate this more.

> Listed below are my ipfw rules:
>
> 00050 298848 156441501 divert 8668 ip from any to any via fxp0
> 00060 376 52493 divert 7500 ip from any to any
> 00100 68 3400 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 585828 313867668 allow ip from any to any
> 65535 0 0 allow ip from any to any
>
> and I then started snort_inline
> (snort_inline -J 7500 -D -c /etc/snort_inline/etc/snort_inline.conf).
>
> Attached are my snort_inline config file and startup messages.
>
> btw. What is snort_inline-2.3.0-RC1.diff used for? When I patched
> snort_inline with this file I cannot compile.
>
> Thanks/Alfa

Nick Rogness <ni...@ro...> -
How many people here have telekinetic powers? Raise my hand.
-Emo Philips
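An added diagnostic for the counter check Nick suggests, not part of his reply or of the snort_inline project: it parses an `ipfw -a list` style ruleset (constructed here from the rules alfa quoted) and reports whether the divert rule feeding snort_inline (port 7500, assumed from `-J 7500`) accounts for the packets that reach the catch-all rule 65000.

```shell
# Constructed from the "ipfw -a list" style counters quoted in the mail:
# rule number, packets, bytes, action, argument, match clause.
IPFW_LIST='00050 298848 156441501 divert 8668 ip from any to any via fxp0
00060 376 52493 divert 7500 ip from any to any
00100 68 3400 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 585828 313867668 allow ip from any to any
65535 0 0 allow ip from any to any'

# Packet counter of the rule that diverts to divert port $2 (0 if none).
divert_pkts() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $4 == "divert" && $5 == port { n = $2 }
        END { print n + 0 }'
}

# Packet counter of rule number $2; awk compares numerically, so the
# zero-padded rule numbers ipfw prints match plain "60" or "65000".
rule_pkts() {
    printf '%s\n' "$1" | awk -v rule="$2" '
        $1 + 0 == rule + 0 { n = $2 }
        END { print n + 0 }'
}

# Compare the IDS divert rule ($2) with a later catch-all rule ($3).
# Because the divert rule matches "ip from any to any", every packet that
# reaches the catch-all should have been counted there first, so:
#   none     - the divert rule never matched (snort_inline sees nothing)
#   bypassed - the catch-all counted more packets than the divert rule
#   inline   - the divert rule saw at least as much as the catch-all
# Counters accumulate since each rule was added or last "ipfw zero", so
# compare rules that were installed at the same time.
inline_verdict() {
    seen=$(divert_pkts "$1" "$2")
    passed=$(rule_pkts "$1" "$3")
    if [ "$seen" -eq 0 ]; then
        echo none
    elif [ "$seen" -lt "$passed" ]; then
        echo bypassed
    else
        echo inline
    fi
}

# Report on the quoted ruleset: snort_inline listens on divert 7500 (-J 7500),
# the catch-all allow is rule 65000.
printf 'divert 7500 saw %s packets, rule 65000 passed %s -> %s\n' \
    "$(divert_pkts "$IPFW_LIST" 7500)" "$(rule_pkts "$IPFW_LIST" 65000)" \
    "$(inline_verdict "$IPFW_LIST" 7500 65000)"
```

On a live box, replace the constructed listing with `IPFW_LIST=$(ipfw -a list)` and run the check after the download attempt; a `bypassed` verdict means the counters, not snort_inline's rules, are where to look first.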