Snort ClamAV virus scanning preprocessor and new snort2pf
Posted by creining | Filed under Security
I read that a new preprocessor for Snort integrates ClamAV, which will scan packets for viruses before passing the data on to Snort for detection. I really like this idea. The virus rules in the official Snort rules tarball have been defunct for quite some time, so it's nice to implement some level of virus detection within Snort. The Snort ClamAV virus scanning preprocessor project page is hosted at Bleeding Snort. The addition of ClamAV to Snort reminds me of the ability within the Snort analysis frontend Pigris (still not released publicly) to scan the payload of one or several alerts with ClamAV. In related Snort news, I saw that the OpenBSD-based snort2pf, which was written in Perl, has been rewritten in C and released as snort2c. These programs use Snort to act as an IDS/IPS by blocking traffic based on Snort alerts. Additional support was added to snort2c during the rewrite to provide in-program whitelisting and logging to syslog.
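The alert-to-block mechanism described above (Snort alerts turned into pf table entries, with a whitelist so trusted hosts are never blocked), as an added illustration that is not the code of snort2c or snort2pf. The Snort fast-format alert lines, the whitelist networks, the priority threshold and the pf table name `snort_block` are all constructed assumptions; the script only prints the `pfctl` commands rather than running them.

```python
import ipaddress
import re

# Constructed sample of Snort "fast" alert output (documentation/test addresses, not real traffic).
SAMPLE_ALERTS = """\
03/14-10:22:01.123456 [**] [1:2003:1] TEST POLICY alert [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.7:44321 -> 192.0.2.10:80
03/14-10:22:05.654321 [**] [1:2004:1] TEST SCAN alert [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 10.0.0.5:51000 -> 192.0.2.10:22
03/14-10:22:09.000001 [**] [1:2005:1] TEST MALWARE alert [**] [Classification: Trojan] [Priority: 1] {UDP} 198.51.100.9:53 -> 192.0.2.10:53
not an alert line
"""

# Hypothetical whitelist: local and monitored networks that must never be blocked,
# even if a Snort rule fires on them (the equivalent of snort2c's in-program whitelist).
WHITELIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Matches the tail of a fast-format alert; ports are optional (ICMP alerts have none).
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)? -> (?P<dst>\d+(?:\.\d+){3})(?::\d+)?$"
)

def parse_alert(line):
    """Return (priority, source IP) for an IPv4 fast-format alert line, or None if it is not one."""
    m = ALERT_RE.search(line.strip())
    if not m:
        return None
    return int(m.group("prio")), ipaddress.ip_address(m.group("src"))

def is_whitelisted(ip):
    """True if the address falls inside any whitelisted network."""
    return any(ip in net for net in WHITELIST)

def block_commands(alert_text, max_priority=2, table="snort_block"):
    """Turn alerts into pfctl table additions: only alerts at or above the priority
    threshold (lower number = more severe), never whitelisted sources, each source once."""
    cmds = []
    seen = set()
    for line in alert_text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:
            continue
        prio, src = parsed
        if prio > max_priority or is_whitelisted(src) or src in seen:
            continue
        seen.add(src)
        cmds.append(f"pfctl -t {table} -T add {src}")
    return cmds

if __name__ == "__main__":
    for cmd in block_commands(SAMPLE_ALERTS):
        print(cmd)
```

The pf table would then be referenced by a `block in quick from <snort_block>` rule in pf.conf; entries should also be expired after a timeout, which this illustration leaves out.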