[Snort-devel] Snort ClamAV Plugin
rajkumars at ...2891...
Mon Jul 31 02:54:52 EDT 2006
Quoting Victor Julien <victor at ...2603...>:
Thanks a lot for your reply.
> Yes, if you enable stream4+stream4_reassemble and put the clamav config
> underneath that config, clamav will scan the reassembled stream as well.
Thanks. This was the info I was looking for.
> ClamAV implements the reset response, but i think it only works when
> running in inline mode... it's not possible to use the flexresp2
> actions for that.
I am using FreeBSD, so inline is ruled out. Also I am not very
interested to make snort sit in between my traffic. Which was why I
was looking at flexresp2.
More information about the Snort-devel