[Snort-users] clamav preprocessor unknown?
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Tue Nov 9 06:48:05 EST 2004
--On 09 November 2004 12:06 +0100 "Tristan Krakau (ci-Tec)"
<Tristan.Krakau at ...12644...> wrote:
> Hi there,
> I just installed snort-inline on a Debian Sarge machine from source
> (2.2.0) and it seemed to be ok. I also used the
> ./configure --enable-clamav
> option, since I have clamav installed (but clamd is not running, I do the
> clamscan calls manually). There was also no problem with configure/make
> and running snort_inline.
> But when I try to activate the clamav-preprocessor in snort_inline.conf:
> preprocessor clamav: ports all !22 !443, action-drop
> I cannot run snort_inline anymore because of this error:
> ERROR: unknown preprocessor "xav"
> Fatal Error, Quitting..
> It is also really strange, that the preprocessor is named "xav" here,
> although it is "clamav" in the .conf - but it works when I remove the
> clamav line from .conf, so this surely means "clamav".
I've observed similar bugs with the configuration file parser before when
the parameters to other pre-processors weren't correct. Double check
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
More information about the Snort-users