[Snort-devel] stream based av and snort/Stream5
lynch.meng at ...2499...
Tue Mar 9 21:29:03 EST 2010
on tue, 9 Mar 2010 15:59:54 -0500, randy at ...3004... wrote:
>> hello all! I am working for develop a snort preprosessor to do stream
>> based anti virus. I need do mime decodeing and decompress, so reassembled
>> packets should come to my preprosessor sequentially. client side packet
>> have no problem, but i can not get packet with PKT_REBUILT_STREAM flags
>> from server side?
>As Snort is not currently multi-threaded, wouldn't this have terrible
>consequences when larger files are encountered?
>Then again, does the threading factor even matter? I'm not too familiar
>with the internals of preprocessors (do/can they lock?).
about larger files problem, streamav_size option will be added. av
engine will be skipped
when over size file encountered.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel