I have also had this issue. I have the following line in my snort_inline.conf:
preprocessor clamav: ports all !22 !443, dbdir /var/lib/clamav, dbreload-time 43200
This line is before my http_inspect preprocessor. I keep the files in
/var/lib/clamav up to date with freshclam running in daemon mode.
I try "wget http://eicar.com/download/eicar.com" while snort is
running and the download is successful every time.
Thanks,
Rich Compton
On Mon, 7 Mar 2005 20:38:48 -0600, Will Metcalf
<wil...@gm...> wrote:
> Nick, any ideas? The patch is against snort-2.3.0.
>
> Regards,
>
> Will
>
>
> On Tue, 8 Mar 2005 10:28:24 +0800, alfa <al...@ia... > wrote:
> >
> > Hi,
> >
> > I am a newbie. I just installed snort_inline with support for ipfw and clamav
> > on FreeBSD 4.10. It seems to be running well, but when I try to download the eicar
> > test file, it passes through.
> >
> > Listed below are my ipfw rules:
> >
> > 00050 298848 156441501 divert 8668 ip from any to any via fxp0
> > 00060 376 52493 divert 7500 ip from any to any
> > 00100 68 3400 allow ip from any to any via lo0
> > 00200 0 0 deny ip from any to 127.0.0.0/8
> > 00300 0 0 deny ip from 127.0.0.0/8 to any
> > 65000 585828 313867668 allow ip from any to any
> > 65535 0 0 allow ip from any to any
> >
> > and I then started snort_inline
> > (snort_inline -J 7500 -D -c /etc/snort_inline/etc/snort_inline.conf).
> >
> > Attached are my snort_inline config file and startup messages.
> >
> > Btw, what is snort_inline-2.3.0-RC1.diff used for? When I patched
> > snort_inline with this file I cannot compile.
> >
> > Thanks/Alfa
> >
> >
> >
>