[Snort-users] Blocking virus with snort inline

carlopmart carlopmart at ...11827...
Sat Sep 22 18:21:44 EDT 2007

Hi all,

  After setting up the snort inline version and solving my problems 
(thanks to all), I will try to do some tests to block viruses 
across the HTTP service.

  I put this line in snort.conf:

  preprocessor clamav: ports all !22 !443, toclientonly, action-drop, dbdir /var/clamav, dbreload-time 43200

  before preprocessor http_inspect. My iptables rule to pass control to 
snort inline is:

iptables -A FORWARD -i br0 -p 0 -m state --state NEW -j QUEUE

  I have tried to block the EICAR virus 
(http://www.eicar.org/download/eicar.com) without luck.

  What am I doing wrong???

  Many thanks.

CL Martinez
carlopmart {at} gmail {d0t} com
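
An added example, not part of the original post: a small shell check of which connection-tracking states a rule hands to QUEUE. A rule limited to `--state NEW` queues only the first packet of each connection, so the ESTABLISHED server-to-client packets that a `toclientonly` scan inspects never reach the queue; the wider rule and the function names are assumptions made for comparison.

```shell
#!/bin/sh
# Added example (not from the original post): report which conntrack states a
# rule hands to QUEUE. Pure string parsing; it never calls iptables itself.

# Print the states of a rule that jumps to QUEUE: the --state list, "ALL" when
# the rule has no state match, or nothing when the target is not QUEUE.
queued_states() {
    states="ALL"; target=""; prev=""
    set -f                      # no globbing while splitting the rule
    for word in $1; do
        case "$prev" in
            --state|--ctstate) states="$word" ;;
            -j|--jump)         target="$word" ;;
        esac
        prev="$word"
    done
    set +f
    [ "$target" = "QUEUE" ] && printf '%s\n' "$states"
    return 0
}

# Succeed when packets of an established connection (the HTTP response body
# among them) are sent to QUEUE by this rule.
reply_data_is_queued() {
    case ",$(queued_states "$1")," in
        ,ALL,|*,ESTABLISHED,*) return 0 ;;
        *)                     return 1 ;;
    esac
}

# Rule as posted in the message above.
POSTED='iptables -A FORWARD -i br0 -p 0 -m state --state NEW -j QUEUE'
# Assumed variant for comparison; not taken from the post.
WIDER='iptables -A FORWARD -i br0 -p 0 -m state --state NEW,ESTABLISHED,RELATED -j QUEUE'

for rule in "$POSTED" "$WIDER"; do
    if reply_data_is_queued "$rule"; then
        verdict="reply data reaches snort_inline"
    else
        verdict="reply data bypasses snort_inline"
    fi
    printf '%-26s %s\n' "$(queued_states "$rule")" "$verdict"
done
```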

