[Snort-users] clamav preprocessor unknown?

Tristan Krakau (ci-Tec) Tristan.Krakau at ...12644...
Tue Nov 9 03:06:01 EST 2004


Hi there,

I just installed snort-inline on a Debian Sarge machine from source 
(2.2.0) and it seemed to be ok. I also used the
./configure --enable-clamav
option, since I have clamav installed (but clamd is not running, I do 
the clamscan calls manually). There was also no problem with 
configure/make and running snort_inline.

But when I try to activate the clamav-preprocessor in snort_inline.conf:

	preprocessor clamav: ports all !22 !443, action-drop

I cannot run snort_inline anymore because of this error:

	ERROR:  unknown preprocessor "xav"
	Fatal Error, Quitting..

It is also really strange, that the preprocessor is named "xav" here, 
although it is "clamav" in the .conf - but it works when I remove the 
clamav line from .conf, so this surely means "clamav".

Is the preprocessor not included in the snort-inline-2.2.0 source and I 
have to add it myself? But the README.clamav and the example lines in 
the .conf file were also included, so I think the preprocessor should be 
there.

Or does it depend on the clamd daemon running?


Thanks for your help!

Tristan





More information about the Snort-users mailing list