[Snort-devel] Snort ClamAV Plugin

Rajkumar S. rajkumars at ...2891...
Mon Jul 31 02:54:52 EDT 2006


Quoting Victor Julien <victor at ...2603...>:

Thanks a lot for your reply.

> Yes, if you enable stream4+stream4_reassemble and put the clamav config
> underneath that config, clamav will scan the reassembled stream as well.

Thanks. This was the info I was looking for.

> ClamAV implements the reset response, but i think it only works when
> running in inline mode... it's not possible to use the flexresp2
> actions for that.

I am using FreeBSD, so inline is ruled out. Also I am not very  
interested to make snort sit in between my traffic. Which was why I  
was looking at flexresp2.

raj





More information about the Snort-devel mailing list