[Snort-users] Integrating ClamAv into Snort
wkitty42 at ...14940...
Tue Feb 12 13:00:42 EST 2013
On 2/12/2013 11:48, Ayodele Okeowo wrote:
> Has anyone successfully integrated or used ClamAv with Snort? if, Yes, please
> could you share how and what documentation to read to be able to implement this?
for what reason? if you are thinking about scanning files that users transfer,
then you want to include additional packages along side of your snort... these
would perform full packet capture and then offer slicing out the files for
snort needs to sniff and sniff only... it doesn't need to worry about things
like scanning for viruses or even trying to log to a database... these things
slow snort down and traffic is lost or otherwise not analyzed... that's not a
GoodThing<tm>... leave these tasks to other apps to handle ;)
More information about the Snort-users