|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: carlopmart (carlopmart
gmail.com)
Date: Sat Sep 22 2007 - 17:21:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
After setting up and solve my problems (thanks to all) with snort
inline version 2.6.1.5, I will try to do some tests for block virus
across http service.
I put this line on snort.conf:
preprocessor clamav: ports all !22 !443, toclientonly, action-drop,
dbdir /var/clamav, dbreload-time 43200
before preprocessor http_inspect. My iptables rule to pass control to
snort inline is:
iptables -A FORWARD -i br0 -p 0 -m state --state NEW -j QUEUE
I have try to block eicar virus
(http://www.eicar.org/download/eicar.com) without luck.
What am I doing wrong???
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]