[Snort-users] ClamAV preprocessor
sam at ...5202...
Tue Aug 24 07:01:11 EDT 2004
Wow, this sounds really cool! I didn't see a download link, but we could
offer up some of our sensors and heavy network traffic for testing.
Victor Julien said:
> Hi Jason,
> On Tuesday 24 August 2004 02:53, Jason Haar wrote:
>> On Tue, Aug 17, 2004 at 11:09:14PM -0500, William Metcalf wrote:
>> > I know that some of folks don't think that doing virus detection with
>> > an IDS is a good idea, but Victor Julien and I have developed a
>> > preprocessor that can detect virus activity in network traffic, using
>> > clamav c function and the clamav virus database. On to the preproc,
>> > can enable
>> Wow - freaky!
>> Have you got any stats on how such a preprocessor affects Snort?
>> e.g. how much more CPU/memory load, FP rates, etc.
> No, although with no hard data I can say the load seems to be ok.
>> As far as FP rates go, I mean as it's "just" an AV preprocessor (now
>> there's an understatement!), I assume it isn't also a SMB preprocessor -
>> it isn't translating raw network data back into files before letting
>> loose on it
> You are correct.
>> - so the chances for FP must be higher due to that.
> Well, maybe you are right, but I'm running it for a few weeks now, and
> seen any fp. But this is one thing we need to find out by heavy testing