[Snort-users] Integrating ClamAv into Snort

waldo kitty wkitty42 at ...14940...
Tue Feb 12 13:00:42 EST 2013


On 2/12/2013 11:48, Ayodele Okeowo wrote:
> folks,
>
> Has anyone successfully integrated or used ClamAv with Snort? if, Yes, please
> could you share how and what documentation to read to be able to implement this?

for what reason? if you are thinking about scanning files that users transfer, 
then you want to include additional packages along side of your snort... these 
would perform full packet capture and then offer slicing out the files for 
analysis...

snort needs to sniff and sniff only... it doesn't need to worry about things 
like scanning for viruses or even trying to log to a database... these things 
slow snort down and traffic is lost or otherwise not analyzed... that's not a 
GoodThing<tm>... leave these tasks to other apps to handle ;)




More information about the Snort-users mailing list