SnortClamAV
This preprocessor will scan the data in the packets for viruses. See README.clamav for details and limitations. http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/?&cvsroot=snort-clamav Available options (comma delimited): ports: a space delimited list of ports that will be scanned. all: all ports n : single port to be scanned n : not scan port n (to be used with 'all' toclientonly: scan only the traffic to the client (tcp only) toserveronly: scan only the traffic to the server (tcp only) action-drop : drop the infected packet (snort_inline only) action-reset: reset the connection (snort_inline only) dbdir: path to the clamav definitions directory. dbreload-time: time in seconds to refresh the read of the AV signatures file-descriptor-mode: writes packetbuffer to a temp file for scanning we suggest you use tmpfs for this Experimental descriptor-temp-dir: used only in conjunction with file-descriptor-mode sets the directory where we write the packet buffer for scanning of viri. Defaults to /tmp once again MOUNT a tmpfs file system as not to kill performance. Example: preprocessor clamav: ports all 22 443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200, file-descriptor-mode This project is maintained by William Metcalf and Victor Julien. -- MattJonkman - 20 Mar 2007
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2008-03-26 - MattJonkman
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats