[Snort-users] clamav preprocessor unknown?

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Tue Nov 9 06:48:05 EST 2004

--On 09 November 2004 12:06 +0100 "Tristan Krakau (ci-Tec)" 
<Tristan.Krakau at ...12644...> wrote:

> Hi there,
> I just installed snort-inline on a Debian Sarge machine from source
> (2.2.0) and it seemed to be ok. I also used the
> ./configure --enable-clamav
> option, since I have clamav installed (but clamd is not running, I do the
> clamscan calls manually). There was also no problem with configure/make
> and running snort_inline.
> But when I try to activate the clamav-preprocessor in snort_inline.conf:
> 	preprocessor clamav: ports all !22 !443, action-drop
> I cannot run snort_inline anymore because of this error:
> 	ERROR:  unknown preprocessor "xav"
> 	Fatal Error, Quitting..
> It is also really strange that the preprocessor is named "xav" here,
> although it is "clamav" in the .conf - but it works when I remove the
> clamav line from .conf, so this surely means "clamav".

I've observed similar bugs with the configuration file parser before when 
the parameters to other pre-processors weren't correct. Double check 
they're correct.

Best Regards,
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
