[Snort-users] deploying ClamAV with Snort IDS

Alan Brennan alanbrennan1 at ...11827...
Mon Feb 1 12:24:05 EST 2010

Hi guys,

I wish to deploy Snort in IDS mode (sitting off a tap), but I also want to
have detection of viruses, spyware, malware, etc.

Apparently it is possible to integrate the Clam AntiVirus system with Snort.

However, does Snort have to be deplpoyed in Inline (IPS) mode to avail of
the ClamAV preprocessor? Can I install ClamAV when Snort is running in
passive/IDS mode?

Also, can ClamAV module be used not only to detect viruses or malicious code
but also to drop/block these viruses?

Thanking you inadvance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100201/c741eef5/attachment.html>

More information about the Snort-users mailing list