[Snort-users] Integrating ClamAv into Snort

Ayodele Okeowo aymacro at ...11827...
Tue Feb 12 13:24:51 EST 2013


Waldo,

Thanks for clarifying that. I know Snort should be left alone which is why
I'm using Squid with an Integrated ClamAv function to take care of that
part.

Just wanted to know if what I'm thinking is correct and which you have
confirmed.

Thanks again.
Ayo


On Tue, Feb 12, 2013 at 1:00 PM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 2/12/2013 11:48, Ayodele Okeowo wrote:
> > folks,
> >
> > Has anyone successfully integrated or used ClamAv with Snort? if, Yes,
> please
> > could you share how and what documentation to read to be able to
> implement this?
>
> for what reason? if you are thinking about scanning files that users
> transfer,
> then you want to include additional packages along side of your snort...
> these
> would perform full packet capture and then offer slicing out the files for
> analysis...
>
> snort needs to sniff and sniff only... it doesn't need to worry about
> things
> like scanning for viruses or even trying to log to a database... these
> things
> slow snort down and traffic is lost or otherwise not analyzed... that's
> not a
> GoodThing<tm>... leave these tasks to other apps to handle ;)
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130212/03573330/attachment.html>


More information about the Snort-users mailing list