[Snort-devel] Snort ClamAV Plugin

Rajkumar S. rajkumars at ...2891...
Mon Jul 31 03:16:03 EDT 2006


Quoting Derek Schuff <dschuff at ...2893...>:

> I think so, although I don't know the specifics of flexresp. But   
> preprocessors
> do alerts (see spp_stream4.c), so I can't see any reason why not flexresp as
> well.

I am able to alert using spp_clamav, but what I am looking for is to  
do some actions like call the flexresp, which can be called from a  
rule. Say  resp:reset_dest;

It's also okay if I can just mark the packet which will then be  
matched by some rule, or just directly call the function from spp_clamav

raj





More information about the Snort-devel mailing list