I have created a diff for the clamav preproc against 2.3.0RC2. The
only new feature Victor Julien and I added was a dbreload-time as an
argument to clamav via snort.conf. This way we don't have to SIGHUP
snort if we update the clamav viri database. We also made a small
change to configure.in to deal with the 0.80 API. You may have to run
autoreconf -f to get configure to pick up the changes made to
configure.in.
From snort.conf:
# ClamAV virusscanning preprocessor
#
# This preprocessor will scan the data in the packets for viruses.
# See README.clamav for details and limitations.
#
# Available options (comma delimited):
#
# ports: a space delimited list of ports that will be scanned.
# all: all ports
# n : single port to be scanned
# !n : not scan port n (to be used with 'all')
#
# toclientonly: scan only the traffic to the client (tcp only)
# toserveronly: scan only the traffic to the server (tcp only)
#
# action-drop : drop the infected packet (snort_inline only)
# action-reset: reset the connection (snort_inline only)
#
# dbdir: path to the clamav definitions directory.
#
# dbreload-time: Amount of time in seconds to wait before checking
# the db for new virus sigs
#
# Example:
# preprocessor clamav: ports all !22 !443, toclientonly, dbdir
/usr/share/clamav, dbreload-time 43200
#
Download:
https://sourceforge.net/tracker/index.php?func=detail&aid=1093478&group_id=78497&atid=553469
MD5SUM:
8c61230c12469ddf0d2cc6422d912e56
Regards,
Will
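The option syntax from the snort.conf comment above, worked through as an added parser example (this is not the preprocessor's own code; the function names and the error checks are my assumptions):

```python
"""Parser for the 'preprocessor clamav:' option string described in the
snort.conf comment. Added example, not the preprocessor's own code; the
function names and the error checks are assumptions."""

def parse_clamav_options(optstr):
    """Split the comma-delimited option string into a config dict.
    Ports follow the README rules: 'all', a single port n, or '!n'."""
    cfg = {"scan_all": False, "include": set(), "exclude": set(),
           "direction": None, "action": None, "dbdir": None, "dbreload_time": None}
    for raw in optstr.split(","):
        parts = raw.split()
        if not parts:
            continue
        key, args = parts[0], parts[1:]
        if key == "ports":
            for p in args:
                if p == "all":
                    cfg["scan_all"] = True
                elif p.startswith("!"):
                    cfg["exclude"].add(int(p[1:]))
                else:
                    cfg["include"].add(int(p))
            if cfg["exclude"] and not cfg["scan_all"]:
                raise ValueError("'!n' is only meaningful together with 'all'")
        elif key in ("toclientonly", "toserveronly"):
            cfg["direction"] = key
        elif key in ("action-drop", "action-reset"):
            cfg["action"] = key
        elif key == "dbdir":
            cfg["dbdir"] = args[0]
        elif key == "dbreload-time":
            # Positive interval: how often the signature DB is rechecked without a SIGHUP.
            secs = int(args[0])
            if secs <= 0:
                raise ValueError("dbreload-time must be a positive number of seconds")
            cfg["dbreload_time"] = secs
        else:
            raise ValueError("unknown clamav preprocessor option: %s" % key)
    return cfg

def port_is_scanned(cfg, port):
    """Decide whether traffic on 'port' is handed to ClamAV:
    '!n' wins, then 'all', then an explicit port list."""
    if port in cfg["exclude"]:
        return False
    return cfg["scan_all"] or port in cfg["include"]

# Constructed sample: the example line quoted from snort.conf above.
EXAMPLE = "ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200"
```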