From: Victor J. <vi...@nk...> - 2006-11-04 21:14:02
Francisco Muñoz wrote:
>
> ---------- Forwarded message ----------
> From: *Victor Julien* <vi...@nk... <mailto:vi...@nk...>>
> Date: Nov 4, 2006 4:59 PM
> Subject: Re: [Snort-inline-users] Fwd: Clamav
> To: Francisco Muñoz <per...@gm... <mailto:per...@gm...>>
> Cc: sno...@li...
> <mailto:sno...@li...>
>
> > I'll not be running snort_inline chrooted again. I thought it'd
> > improve performance.
> >
> So without the -t option it still doesn't work?
>
> No, doesn't work, still drops all packets.
>
> Can you add and remove files from /clamscan manually? Have you tried
> supplying an ordinary directory to the clamav preprocessor?
>
> I can add and remove files manually as an ordinary user to /clamscan
>
> I don't know how to supply an ordinary directory to the clamav
> preprocessor.
>

Just do 'mkdir /tmp/somedir' and use 'descriptor-temp-dir /tmp/somedir'
in your snort config.

> If that all doesn't work you can compile snort_inline in debug mode. You
> do that by adding --enable-debug to ./configure.
>
> Then, when you have rebuilt snort_inline, you can run it like this:
> export SNORT_DEBUG=67108864
> snort_inline <all your normal args>
>
> This will hopefully give some interesting output :-)
>
> Ok, I'll do it and post my findings.

Ok, let us know :-)

Cheers!
Victor