From: Cooper F. N. <cn...@uc...> - 2007-03-06 21:01:43
I did not know about it! Thanks for the tip, I will look into it.

I've also seen the squidclamav product, http://www.samse.fr/GPL/ , which I was not able to get to work.

I was able to get the snort-inline based solution working pretty easily and blocking on virus, phishing and web client exploits; however, the bad packet is just dropped. No way currently to alert the user of malicious content.

My problem with both of these projects is that they are basically AV based, where I want AV + web client exploits. Maybe the right thing to do is write a parser that can read snort rules and generate clamav sigs from them.

I guess I could also create a daemon to read the snort logs or database and create iptables-based rules on that.

-Cooper

Will Metcalf wrote:
> Why would you not use and/or extend HAVP?
>
> http://www.server-side.de/
>
> On 3/2/07, Cooper F. Nelson <cn...@uc...> wrote:
>
> > Hi,
> >
> > I'm currently evaluating the possibility of using snort-inline as a
> > malware/phishing filter on an existing squid cache.
> >
> > I would appreciate some feedback/suggestions on a few issues.
> >
> > Performance is critical. Does --enable-nfnetlink help in this regard?
> > Are there any other suggestions to optimize deployment, other than
> > simply enabling only the rules/preprocessors appropriate for web
> > traffic?
> >
> > As a feature request, would it be possible to add an iptables client
> > re-direct to the clamav preprocessor and rule syntax? I would like to
> > implement something like the SquidClamAV project, where users are presented
> > with a page detailing that the site is blocked and why.
> >
> > --
> > Cooper Nelson
> > Network Security Analyst
> > UCSD ACS/Network Operations
> > cn...@uc... x41042

--
Cooper Nelson
Network Security Analyst
UCSD ACS/Network Operations
cn...@uc... x41042
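
The log-reading daemon idea from the message above, sketched as an added example that is not part of the original thread or of snort-inline: it parses Snort "fast" alert lines and builds iptables DROP rules for the external host in each priority-1 alert. The `PROTECTED` range, the `INPUT` chain, the function names and the sample lines are assumptions made for illustration; it blocks hosts only and does not implement the client redirect asked about in the thread.

```python
import ipaddress
import re

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?\s*$"
)
# Assumption: the squid cache and its clients live here and must never be blocked.
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]

def parse_alert(line):
    """Return sid, priority and validated endpoints for one alert line, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        ends = [ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])]
    except ValueError:  # malformed address: never hand raw log text to iptables
        return None
    return {"sid": int(m["sid"]), "prio": int(m["prio"]), "ends": ends}

def block_rules(lines, max_priority=1, chain="INPUT"):
    """One DROP rule (argv list, not executed) per external host in serious alerts."""
    seen, rules = set(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_priority:  # priority 1 is the highest
            continue
        for ip in alert["ends"]:
            if ip in seen or any(ip in net for net in PROTECTED):
                continue
            seen.add(ip)  # one rule per host, however many alerts name it
            rules.append(["iptables", "-I", chain, "-s", str(ip), "-m", "comment",
                          "--comment", f"snort sid {alert['sid']}", "-j", "DROP"])
    return rules

# Constructed sample alerts (documentation address ranges, made-up SIDs and messages).
SAMPLE = [
    "03/06-21:01:43.512345  [**] [1:1000001:1] CONSTRUCTED web client exploit [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 192.0.2.80:80 -> 10.1.2.3:41822",
    "03/06-21:01:44.000100  [**] [1:1000002:1] CONSTRUCTED phishing page [**] [Classification: Misc Attack] [Priority: 1] {TCP} 192.0.2.80:80 -> 10.1.2.3:41830",
    "03/06-21:01:45.220000  [**] [1:1000003:2] CONSTRUCTED policy note [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:80 -> 10.1.2.3:41901",
    "03/06-21:01:46.000000  [**] [1:1000001:1] CONSTRUCTED web client exploit [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 999.0.2.1:80 -> 10.1.2.3:41950",
    "03/06-21:01:47.750000  [**] [1:1000004:1] CONSTRUCTED malware download request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.2.3:42000 -> 203.0.113.9:80",
    "this line is not an alert",
]

if __name__ == "__main__":
    for argv in block_rules(SAMPLE):
        print(argv)
```

The rules are returned as argument lists so a daemon can pass them to a process call without a shell, and can log or rate-limit them before anything touches the firewall.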