Menu
▾
▴
Re: [Snort-inline-users] snortinline-clamav crashes snort_inline
|
From: Victor J. <li...@in...> - 2007-04-13 23:37:48
|
Will Metcalf wrote: > Looks like PE analysis code in clamav is causing it to blow up, we can > add some code to deal with this return value but I want to dig into it > a bit more before we decide to do so. > If you look at the negative returncodes from clamav.h you can see we can't kill snort for (all of) them (as we assumed before): #define CL_EIO -12 /* general I/O error */ #define CL_EFORMAT -13 /* bad format or broken file */ My suggestion is to not use FatalError but create an alert for this, something like "Virusscan Failed" and add an option to the configuration to enable the admin to either pass or drop failed scans. While we are at it we should do the same for the positive returncodes. What do you think? Cheers, Victor |
