Menu
▾
▴
Re: [Snort-inline-users] Viri do not pass, but snort_inline is reticent - very strange
|
From: Holger M. <gan...@mo...> - 2005-10-21 16:17:59
|
Problem solved I found in snort_full the entys from clamav. And with the search "clamav mysql" i found that: http://sourceforge.net/mailarchive/message.php?msg_id=10301120 I should more RTFUL Read the fine User-List :) Thank you all. @ Will All the best to you and your bride to be. greetz Holger Will Metcalf schrieb: >No time to troubleshoot with you, somebody else is going to have to >help out. I won't be able to answer any questions until after Nov >12th. Working on a big project and getting married. > >Regards, > >Will > >On 10/20/05, Holger Moskopp <gan...@mo...> wrote: > > >>Very strange - As i told you, i got problems >>with Clamav and Snort-Inline. >> >>If i try to get a virus like >>Virus.CVC.PVT >>Virus.Linux.Cassini.1618 >>Virus.Script.ASX.Conp >>or >>Virus.Script.BRB.Barbus >>via ftp it don´t work. >> >>it build a datafile on the aim with that name but >>it is empty (0kb) or smaller than the orginal file. >>The ftp-connection stands still and if i hit return >>it said - no connection. (action is drop) >> >>It seem that clamav don't let pass the virus. >>But there is no notification in the mysql-database >>that a virus was blocked. >> >>Normal virifree Data passes ok. Also the Exploid.HTML.Mht >>passes without any difficultys. Could it be that exploids are not expected >>on that way? Is it only detected if it comes over a http-connection? >> >>Any idieas what could be wrong? Why is snort-inline so reticent in that >>cause? >> >>Thanks >>Holger >> >> >>------------------------------------------------------- >>This SF.Net email is sponsored by: >>Power Architecture Resource Center: Free content, downloads, discussions, >>and more. http://solutions.newsforge.com/ibmarch.tmpl >>_______________________________________________ >>Snort-inline-users mailing list >>Sno...@li... >>https://lists.sourceforge.net/lists/listinfo/snort-inline-users >> >> >> > > > |
