[Snort-users] clamav preprocessor unknown?
Tristan Krakau (ci-Tec)
Tristan.Krakau at ...12644...
Tue Nov 9 03:06:01 EST 2004
I just installed snort-inline on a Debian Sarge machine from source
(2.2.0) and it seemed to be ok. I also used the
option, since I have clamav installed (but clamd is not running, I do
the clamscan calls manually). There was also no problem with
configure/make and running snort_inline.
But when I try to activate the clamav-preprocessor in snort_inline.conf:
preprocessor clamav: ports all !22 !443, action-drop
I cannot run snort_inline anymore because of this error:
ERROR: unknown preprocessor "xav"
Fatal Error, Quitting..
It is also really strange, that the preprocessor is named "xav" here,
although it is "clamav" in the .conf - but it works when I remove the
clamav line from .conf, so this surely means "clamav".
Is the preprocessor not included in the snort-inline-2.2.0 source and I
have to add it myself? But the README.clamav and the example lines in
the .conf file were also included, so I think the preprocessor should be
Or does it depend on the clamd daemon running?
Thanks for your help!
More information about the Snort-users