Menu
▾
▴
Re: [Snort-inline-users] clamav preprocessor don't work
|
From: davide b. <dav...@gm...> - 2005-10-14 14:49:30
|
I've try to install snort 2.4.2: patch it and it return error " Hunk #1 succeeded at 859 with fuzz 2". After a search on the net i'v try to delete ome line of prelude in configure.in <http://configure.in> . i've try it. bu= t it return the error " Hunk #1 succeeded at 84 with fuzz 2. (offset -15)". I don't find nothing on the net about this....so i patched the configure.in<http://configure.in>and configure at hand. then i try configure snort with --enable-clamav & --enable-inline and all is ok.....but when i try make...i've got an error: "In function `InitPreprocessors': /home/china/Desktop/Clamav+snort/snort-2.4.2/src/plugbase.c:426: undefined reference to `SetupClamAV'" Someone can help me!?!?!?!? 2005/10/12, Victor Julien <vi...@nk...>: > > davide belloni wrote: > > Can i ask the reason of this line: > > > > File descriptor scanning mode: Disabled, using cl_scanbuf > > Directory for tempfiles (file descriptor mode): '' > > > > ???? > > > > Originally we used the cl_scanbuf function from clamav to scan the > packet payload. This function however, is going to be removed from a > future clamav release, so we were forced to look into alternatives. The > file descriptor mode is what came out of this. Basicly it stores every > payload on disk (can be a ramdisk for performance) and then scans the > file. You can give the directory where the files are saved as an option > to the clamav preprocessor. The file desc mode should be able to detect > more viruses because of the way it works internally in clamav. > > Example: > preprocessor clamav: ports all !22 !443, action-drop, dbreload-time > 3600, file-descriptor-mode, descriptor-temp-dir /tmp/snort-inline > > Regards, > Victor > -- China |
