[Snort-users] Snort 2.4.anyversion +clamav patch problems

Lezgin Bakircioglu lerra82 at ...11827...
Tue May 2 01:43:00 EDT 2006


Hi everybody, I got a huge problem, I am trying to get clamav and snort 
working together and I am using the clamav patch from 
http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav and 
matching it to the same version of snort that I am trying to patch.
I get the exact problem on all the versions I have patched, here is what 
i did (step to step):

patch -p1 < ../snort-2.4.3-clamonly.diff
autoconf -f
configure --enable-clamav (says OK on clamav part)
make

plugbase.o(.text+0x463): In function `InitPreprocessors':
/home/lerra/testing/clamav/snort-2.4.3/src/plugbase.c:426: undefined 
reference to `SetupClamAV'
collect2: ld returned 1 exit status

grep clamav src/plugbase.c
#include "preprocessors/spp_clamav.h"

I have tried both debian package for sarge 3.1 and i tried the src 
(clamav-0.88.2, ./configure;make;make install) of clamav, same problem. 
Is there anybody that have succeed snort+clamav patching and compiling?

One more question while I am at it, how "good" is it to patch a patched 
version of snort? Thinking of applying SPADE ("AI" preprocessor) to 
snort. Else I will do a ugly solution with UML/XEN for the same machine.
I know there is working snort+clamav thing in snort_inline but i don't 
want to use iptables and apart from that it gives error when i try to 
compile with the SPADE patch.
Is there anybody else that experiences the same problem that I do and 
have a solution to this?





More information about the Snort-users mailing list