Menu
▾
▴
snort-inline-users — The goal of this list is to help users debug/use snort_inline
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(15) |
Jun
(23) |
Jul
(54) |
Aug
(20) |
Sep
(18) |
Oct
(19) |
Nov
(36) |
Dec
(30) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(48) |
Feb
(16) |
Mar
(36) |
Apr
(36) |
May
(45) |
Jun
(47) |
Jul
(93) |
Aug
(29) |
Sep
(28) |
Oct
(42) |
Nov
(45) |
Dec
(53) |
| 2005 |
Jan
(62) |
Feb
(51) |
Mar
(65) |
Apr
(28) |
May
(57) |
Jun
(23) |
Jul
(24) |
Aug
(72) |
Sep
(16) |
Oct
(53) |
Nov
(53) |
Dec
(3) |
| 2006 |
Jan
(56) |
Feb
(6) |
Mar
(15) |
Apr
(14) |
May
(35) |
Jun
(57) |
Jul
(35) |
Aug
(7) |
Sep
(22) |
Oct
(16) |
Nov
(18) |
Dec
(9) |
| 2007 |
Jan
(8) |
Feb
(3) |
Mar
(11) |
Apr
(35) |
May
(6) |
Jun
(10) |
Jul
(26) |
Aug
(4) |
Sep
|
Oct
(29) |
Nov
|
Dec
(7) |
| 2008 |
Jan
(1) |
Feb
(2) |
Mar
(2) |
Apr
(13) |
May
(8) |
Jun
(3) |
Jul
(19) |
Aug
(20) |
Sep
(6) |
Oct
(5) |
Nov
|
Dec
(4) |
| 2009 |
Jan
(1) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(10) |
Jul
(2) |
Aug
(5) |
Sep
|
Oct
(1) |
Nov
|
Dec
(5) |
| 2010 |
Jan
(10) |
Feb
(10) |
Mar
(2) |
Apr
|
May
(7) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2011 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
(2) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Sart C. <sar...@ya...> - 2013-03-29 04:49:21
|
http://www.onda-tejana.com/okvy/ejv.ymsj?dz |
|
From: Will M. <wil...@gm...> - 2013-03-18 21:58:25
|
You should probably send this to the snort-users mailing list. The snort-inline project is long abandoned the functionality has been rolled into mainline snort. http://www.snort.org/community/mailing-lists Regards, Will On Mon, Mar 18, 2013 at 4:44 PM, Tural Nazirov <tur...@ma...> wrote: > Hello Everybody, > > I am working on my project about Snort. Now I have finished to configure > Snort as NIDS system, however I need to improve it to enable the inline > mode. So there is lots of source about snort inline mode, but I want to make > sure which one is suitable one for me. Can you help me to explain how can i > configure Snort inline mode. I am using LInux 12.04 Desktop version and > Snort 2.9.4. I will be very happy if you help me. > > Thanks in advance, Tural Nazirov > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_mar > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
|
From: Tural N. <tur...@ma...> - 2013-03-18 21:44:34
|
Hello Everybody, I am working on my project about Snort. Now I have finished to configure Snort as NIDS system, however I need to improve it to enable the inline mode. So there is lots of source about snort inline mode, but I want to make sure which one is suitable one for me. Can you help me to explain how can i configure Snort inline mode. I am using LInux 12.04 Desktop version and Snort 2.9.4. I will be very happy if you help me. Thanks in advance, Tural Nazirov |
|
From: Sart C. <sar...@ya...> - 2013-02-20 09:45:02
|
http://www.mservisss.com/pvnkorw/y.4?x8jfdm765l1q Sart Cole 2/20/2013 10:44:54 AM |
|
From: Sart C. <sar...@ya...> - 2013-02-17 15:44:55
|
http://www.opensize.de/hurotzsi/y8r54ujayioh33usw.b271m0bp?azvqp7d725es96mggwn3v1tn24z |
|
From: Julius S <ko...@ya...> - 2012-04-02 12:17:02
|
<a href="http://qu3399.com/data/02efpk.html"> http://qu3399.com/data/02efpk.html</a> |
|
From: Robert M. <rv...@gm...> - 2011-02-24 13:06:30
|
Do you have drop rules? Have you configured iptables to send the traffic you want to monitor to snort_inline? Rob On Feb 24, 2011, at 3:54, anvin igcar <av...@gm...> wrote: > > I have tried to run Snort_inline in two methods with drop rules. > But I don't find any packets being dropped. What might be the problem? > > [root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -l /var/log/snort_inline/ -A console -i eth0 > > Running in IDS mode > Initializing Network Interface eth0 > > --== Initializing Snort ==-- > Initializing Output Plugins! > Decoding Ethernet on interface eth0 > Initializing Preprocessors! > Initializing Plug-ins! > Parsing Rules file /etc/snort_inline/snort_inline.conf > > +++++++++++++++++++++++++++++++++++++++++++++++++++ > Initializing rule chains... > ,-----------[Flow Config]---------------------- > | Stats Interval: 0 > | Hash Method: 2 > | Memcap: 10485760 > | Rows : 4099 > | Overhead Bytes: 16400(%0.16) > `---------------------------------------------- > > Rule application order: ->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log > Log directory = /var/log/snort_inline/ > > --== Initialization Complete ==-- > > ,,_ -*> Snort_Inline! <*- > o" )~ Version 2.4.5 (Build 29) > '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html > (C) Copyright 1998-2005 Sourcefire Inc., et al. > Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness, > Dave Remien, Rob McMillen and Jed Haile > NOTE: Snort's default output has changed in version 2.4.1! > The default logging mode is now PCAP, use "-K ascii" to activate > the old default logging mode. > > ^C > > =============================================================================== > > Snort received 769 packets > Analyzed: 769(100.000%) > Dropped: 0(0.000%) > =============================================================================== > Breakdown by protocol: > TCP: 104 (13.524%) > UDP: 153 (19.896%) > ICMP: 0 (0.000%) > ARP: 307 (39.922%) > EAPOL: 0 (0.000%) > IPv6: 6 (0.780%) > ETHLOOP: 0 (0.000%) > IPX: 3 (0.390%) > FRAG: 0 (0.000%) > OTHER: 198 (25.748%) > DISCARD: 0 (0.000%) > =============================================================================== > Action Stats: > ALERTS: 0 > LOGGED: 0 > PASSED: 0 > =============================================================================== > TCP Stream Reassembly Stats: > TCP Packets Used: 9 (1.170%) > Stream Trackers: 4 > Stream flushes: 0 > Segments used: 0 > Stream4 Memory Faults: 0 > =============================================================================== > Final Flow Statistics > ,----[ FLOWCACHE STATS ]---------- > Memcap: 10485760 Overhead Bytes 16400 used(%0.241756)/blocks (25350/51) > Overhead blocks: 1 Could Hold: (58579) > IPV4 count: 50 frees: 0 > low_time: 1298537116, high_time: 1298537132, diff: 0h:00:16s > finds: 124 reversed: 0(%0.000000) > find_sucess: 74 find_fail: 50 > percent_success: (%59.677419) new_flows: 50 > Protocol: 6 (%7.258065) > finds: 9 > reversed: 0(%0.000000) > find_sucess: 5 > find_fail: 4 > percent_success: (%55.555556) > new_flows: 4 > Protocol: 17 (%92.741935) > finds: 115 > reversed: 0(%0.000000) > find_sucess: 69 > find_fail: 46 > percent_success: (%60.000000) > new_flows: 46 > Snort exiting > > > > -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > [root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N -l /var/log/snort_inline/ -t /var/log/snort_inline/ -v > Reading from iptables > Running in IDS mode > Initializing Inline mode > > --== Initializing Snort ==-- > Initializing Output Plugins! > Setting the Packet Processor to decode packets from iptables > Initializing Preprocessors! > Initializing Plug-ins! > Parsing Rules file /etc/snort_inline/snort_inline.conf > ~~~~~~~~~~~~~~~~~~~~~ > Rule application order: ->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log > Log directory = /var/log/snort_inline/ > > --== Initialization Complete ==-- > > ,,_ -*> Snort_Inline! <*- > o" )~ Version 2.4.5 (Build 29) > '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html > (C) Copyright 1998-2005 Sourcefire Inc., et al. > Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness, > Dave Remien, Rob McMillen and Jed Haile > NOTE: Snort's default output has changed in version 2.4.1! > The default logging mode is now PCAP, use "-K ascii" to activate > the old default logging mode. > > > Snort processed 0 packets. > ============================================================ > Action Stats: > ALERTS: 0 > LOGGED: 0 > PASSED: 0 > =============================================================================== > Final Flow Statistics > ,----[ FLOWCACHE STATS ]---------- > Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1) > Overhead blocks: 1 Could Hold: (0) > IPV4 count: 0 frees: 0 > low_time: 0, high_time: 0, diff: 0h:00:00s > finds: 0 reversed: 0(%0.000000) > find_sucess: 0 find_fail: 0 > percent_success: (%0.000000) new_flows: 0 > Snort exiting > > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users |
|
From: anvin i. <av...@gm...> - 2011-02-24 08:54:21
|
I have tried to run Snort_inline in two methods with drop rules.
But I don't find any packets being dropped. What might be the problem?
[root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -l
/var/log/snort_inline/ -A console -i eth0
Running in IDS mode
Initializing Network Interface eth0
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort_inline/snort_inline.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
Rule application order:
->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log
Log directory = /var/log/snort_inline/
--== Initialization Complete ==--
,,_ -*> Snort_Inline! <*-
o" )~ Version 2.4.5 (Build 29)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness,
Dave Remien, Rob McMillen and Jed Haile
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.
^C
===============================================================================
Snort received 769 packets
Analyzed: 769(100.000%)
Dropped: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 104 (13.524%)
UDP: 153 (19.896%)
ICMP: 0 (0.000%)
ARP: 307 (39.922%)
EAPOL: 0 (0.000%)
IPv6: 6 (0.780%)
ETHLOOP: 0 (0.000%)
IPX: 3 (0.390%)
FRAG: 0 (0.000%)
OTHER: 198 (25.748%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 9 (1.170%)
Stream Trackers: 4
Stream flushes: 0
Segments used: 0
Stream4 Memory Faults: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.241756)/blocks (25350/51)
Overhead blocks: 1 Could Hold: (58579)
IPV4 count: 50 frees: 0
low_time: 1298537116, high_time: 1298537132, diff: 0h:00:16s
finds: 124 reversed: 0(%0.000000)
find_sucess: 74 find_fail: 50
percent_success: (%59.677419) new_flows: 50
Protocol: 6 (%7.258065)
finds: 9
reversed: 0(%0.000000)
find_sucess: 5
find_fail: 4
percent_success: (%55.555556)
new_flows: 4
Protocol: 17 (%92.741935)
finds: 115
reversed: 0(%0.000000)
find_sucess: 69
find_fail: 46
percent_success: (%60.000000)
new_flows: 46
Snort exiting
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[root@testpc ~]# snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N
-l /var/log/snort_inline/ -t /var/log/snort_inline/ -v
Reading from iptables
Running in IDS mode
Initializing Inline mode
--== Initializing Snort ==--
Initializing Output Plugins!
Setting the Packet Processor to decode packets from iptables
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort_inline/snort_inline.conf
~~~~~~~~~~~~~~~~~~~~~
Rule application order:
->activation->dynamic->drop->sdrop->reject->rejectboth->rejectsrc->rejectdst->alert->pass->log
Log directory = /var/log/snort_inline/
--== Initialization Complete ==--
,,_ -*> Snort_Inline! <*-
o" )~ Version 2.4.5 (Build 29)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness,
Dave Remien, Rob McMillen and Jed Haile
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.
Snort processed 0 packets.
============================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0
low_time: 0, high_time: 0, diff: 0h:00:00s
finds: 0 reversed: 0(%0.000000)
find_sucess: 0 find_fail: 0
percent_success: (%0.000000) new_flows: 0
Snort exiting
|
|
From: Robert M. <rv...@gm...> - 2011-02-23 11:10:17
|
You have to change your iptables rule to send FTP traffic to the queue instead of port 80. iptables -I INPUT -p tcp --dport 21 -j QUEUE But this will only work if the FTP server you are trying to monitor resides on the system with the iptables firewall. If the firewall is routing and you are trying to monitor FTP traffic going across the firewall, you will need to add the rule to the forward chain. Rob On Feb 23, 2011, at 5:02, anvin igcar <av...@gm...> wrote: > I have configured snort to IDS mode without using --enable-inline. > I have successfully installed snort_inline and iptables too using http://linuxgazette.net/117/savage.html. > > I have added the following rule in /etc/snort_inline/ftp.rules > > drop tcp any any -> any 21 (msg:"FTP AV ftp login attempt"; flow:to_server,established; content:"USER"; nocase; content:"w0rm"; distance:1; nocase; pcre:"/^USER\s+w0rm/smi"; reference:arachnids,01; classtype:suspicious-login; sid:1555; rev:9;) > > and in iptables, it is > iptables -I INPUT -p tcp --dport 80 -j QUEUE > > When I run the following with > snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N -l /var/log/snort_inline/ -t /var/log/snort_inline/ -v > > I am able to access the ftp which is not supposed to get connected. What should I do? > > > > I am trying to run both Snort server and client in the same machine. > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users |
|
From: anvin i. <av...@gm...> - 2011-02-23 10:04:00
|
I have configured snort to IDS mode without using --enable-inline. I have successfully installed snort_inline and iptables too using* http://linuxgazette.net/117/savage.html.* I have added the following rule in /etc/snort_inline/ftp.rules *drop tcp any any -> any 21 (msg:"FTP AV ftp login attempt"; flow:to_server,established; content:"USER"; nocase; content:"w0rm"; distance:1; nocase; pcre:"/^USER\s+w0rm/smi"; reference:arachnids,01; classtype:suspicious-login; sid:1555; rev:9;) *and in iptables, it is iptables -I INPUT -p tcp --dport 80 -j QUEUE When I run the following with *snort_inline -c /etc/snort_inline/snort_inline.conf -Q -N -l /var/log/snort_inline/ -t /var/log/snort_inline/ -v* I am able to access the ftp which is not supposed to get connected. What should I do? I am trying to run both Snort server and client in the same machine. |
|
From: Dropbox <no-...@dr...> - 2010-11-24 02:15:28
|
Muhammad Najmi Ahmad Zabidi wants you to use Dropbox to sync and share files online and across computers. Get started here: http://www.dropbox.com/link/20.LwkvPfr2M5/NjQ3OTU4NDM0Nw?src=referrals_bulk - The Dropbox Team ____________________________________________________ To stop receiving invites from Dropbox, please go to http://www.dropbox.com/bl/7cbd3101d38b/snort-inline-users%40lists.sourceforge.net |
|
From: Tina <b_e...@ho...> - 2010-05-18 17:10:17
|
Alain Deguille <adeguille <at> sqli.com> writes: > > > Hi, > > I didn't solve this problem. (i tried many solutions but anyone of them works). > I thinks this is important point have to be resolve in futures snort inline version. (like the HTTPS problem). > > Peharps you can try what William propose. Just hope that it can be install without any change in Iptable/Fw rules... > Thanks for your kind reply.I will try what William propose.O(∩_∩)O~ |
|
From: Tina <b_e...@ho...> - 2010-05-18 17:06:32
|
Will Metcalf <william.metcalf <at> gmail.com> writes: > > This code has not been supported for some time. If you want to stop > viruses in HTTP traffic might I suggest you look at > http://www.server-side.de/. If you want to do AV detection only the > NRT project looks interesting. http://labs.sourcefire.com/nrt/ > > Regards, > > Will > Thanks a lot for your kind advice.I have been troubled by this problem for quite a while. Thanks again for your suggestion. |
|
From: Alain D. <ade...@sq...> - 2010-05-18 16:20:19
|
Good to know. thx (it can be seen on http://snort-inline.sourceforge.net/) What about suricata and clamav or other av integration ? (where can we found full features list of suricata or any comparaison with snort-inline) 2010/5/18 Will Metcalf <wil...@gm...> > There will be no future snort inline versions, at least not released > by Victor or I. We are both working full-time on a new IDS/IPS called > suricata which you can read about here: > > http://www.openinfosecfoundation.org/ > > If anybody wants to take over the snort inline project from us please > e-mail me off-list. > > Regards, > > Will > > On Tue, May 18, 2010 at 10:13 AM, Alain Deguille <ade...@sq...> > wrote: > > Hi, > > > > I didn't solve this problem. (i tried many solutions but anyone of them > > works). > > I thinks this is important point have to be resolve in futures snort > inline > > version. (like the HTTPS problem). > > > > Peharps you can try what William propose. Just hope that it can be > install > > without any change in Iptable/Fw rules... > > > > > > 2010/5/18 Will Metcalf <wil...@gm...> > >> > >> This code has not been supported for some time. If you want to stop > >> viruses in HTTP traffic might I suggest you look at > >> http://www.server-side.de/. If you want to do AV detection only the > >> NRT project looks interesting. http://labs.sourcefire.com/nrt/ > >> > >> Regards, > >> > >> Will > >> > >> On Tue, May 18, 2010 at 4:05 AM, Tina <b_e...@ho...> wrote: > >> > Hi,I have been facing the same problem with you.And I wonder how you > >> > solve > >> > it.Thanks a lot. > >> > > >> > > >> > > >> > > ------------------------------------------------------------------------------ > >> > > >> > _______________________________________________ > >> > Snort-inline-users mailing list > >> > Sno...@li... > >> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > >> > > >> > >> > >> > ------------------------------------------------------------------------------ > >> > >> _______________________________________________ > >> Snort-inline-users mailing list > >> Sno...@li... > >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > > > > |
|
From: Alain D. <ade...@sq...> - 2010-05-18 15:39:03
|
Hi, I didn't solve this problem. (i tried many solutions but anyone of them works). I thinks this is important point have to be resolve in futures snort inline version. (like the HTTPS problem). Peharps you can try what William propose. Just hope that it can be install without any change in Iptable/Fw rules... 2010/5/18 Will Metcalf <wil...@gm...> > This code has not been supported for some time. If you want to stop > viruses in HTTP traffic might I suggest you look at > http://www.server-side.de/. If you want to do AV detection only the > NRT project looks interesting. http://labs.sourcefire.com/nrt/ > > Regards, > > Will > > On Tue, May 18, 2010 at 4:05 AM, Tina <b_e...@ho...> wrote: > > Hi,I have been facing the same problem with you.And I wonder how you > solve > > it.Thanks a lot. > > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > Snort-inline-users mailing list > > Sno...@li... > > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
|
From: Will M. <wil...@gm...> - 2010-05-18 15:26:38
|
There will be no future snort inline versions, at least not released by Victor or I. We are both working full-time on a new IDS/IPS called suricata which you can read about here: http://www.openinfosecfoundation.org/ If anybody wants to take over the snort inline project from us please e-mail me off-list. Regards, Will On Tue, May 18, 2010 at 10:13 AM, Alain Deguille <ade...@sq...> wrote: > Hi, > > I didn't solve this problem. (i tried many solutions but anyone of them > works). > I thinks this is important point have to be resolve in futures snort inline > version. (like the HTTPS problem). > > Peharps you can try what William propose. Just hope that it can be install > without any change in Iptable/Fw rules... > > > 2010/5/18 Will Metcalf <wil...@gm...> >> >> This code has not been supported for some time. If you want to stop >> viruses in HTTP traffic might I suggest you look at >> http://www.server-side.de/. If you want to do AV detection only the >> NRT project looks interesting. http://labs.sourcefire.com/nrt/ >> >> Regards, >> >> Will >> >> On Tue, May 18, 2010 at 4:05 AM, Tina <b_e...@ho...> wrote: >> > Hi,I have been facing the same problem with you.And I wonder how you >> > solve >> > it.Thanks a lot. >> > >> > >> > >> > ------------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > Snort-inline-users mailing list >> > Sno...@li... >> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users >> > >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Snort-inline-users mailing list >> Sno...@li... >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > |
|
From: Will M. <wil...@gm...> - 2010-05-18 11:39:37
|
This code has not been supported for some time. If you want to stop viruses in HTTP traffic might I suggest you look at http://www.server-side.de/. If you want to do AV detection only the NRT project looks interesting. http://labs.sourcefire.com/nrt/ Regards, Will On Tue, May 18, 2010 at 4:05 AM, Tina <b_e...@ho...> wrote: > Hi,I have been facing the same problem with you.And I wonder how you solve > it.Thanks a lot. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
|
From: Tina <b_e...@ho...> - 2010-05-18 09:10:19
|
Hi,I have been facing the same problem with you.And I wonder how you solve it.Thanks a lot. |
|
From: Will M. <wil...@gm...> - 2010-03-23 20:11:57
|
>On Tue, Mar 23, 2010 at 2:32 PM, Tomás Heredia <tom...@ac...> wrote: > Hi all! > I'm using snort_inline trunk's "nfqueue" selection option (-Q > queue#) to balance between several cores. > > I'm quite concerned about the future of this feature, and of > snort_inline in general. How do you think snort_inline will evolve in > the near future? Will snort-inline based on snort 2.8.4.1 become > "stable"? will snort_inline follow mainline snort? in effect, 2.8.5? > > Thanks! snort_inline as a project is pretty much dead at this point, unless somebody else wants to pick it up. Victor and I are both working on a new open source IDP engine called suricata, which allows you to use NFQUEUE, has an almost complete snort compatible rule language, and is multi-threaded so you to take advantage of multiple cores without running multiple instances of the engine. If you are interested you can find more info or download the engine here: http://www.openinfosecfoundation.org/ Regards, Will > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
|
From: Tomás H. <tom...@ac...> - 2010-03-23 19:58:18
|
Hi all!
I'm using snort_inline trunk's "nfqueue" selection option (-Q
queue#) to balance between several cores.
I'm quite concerned about the future of this feature, and of
snort_inline in general. How do you think snort_inline will evolve in
the near future? Will snort-inline based on snort 2.8.4.1 become
"stable"? will snort_inline follow mainline snort? in effect, 2.8.5?
Thanks!
|
|
From: Alain D. <ade...@sq...> - 2010-02-10 11:56:51
|
I have these packages allready installed in version 0.95.3-1.el5.rf So my first error posted, was with this libclamav package in version 0.95.3 with this configure : ./configure --enable-clamav (no errors in configure step) I just tried this : ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.90/libclamav/ same make errors as clamav-0.85 (because i think these versions are too old, and snort call clamav lib/fonctions that libclamav didn't know). From: Ihab el Bakri Sent: Wednesday, February 10, 2010 12:33 PM To: ade...@sq... ; sno...@li... Subject: RE: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, looks like you havent installed following packages libclamav-dev libclamav3 libclamav5 clamav it should configure with clamav version 0.90 Best regards Ihab El Bakri -------------------------------------------------------------------------------- From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 12:14:26 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, I'd allready tried to compile with these : ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.94/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93.3/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.91/libclamav/ and now ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.85/libclamav/ Each time, i had same or different errors about clamav. This time these : preprocessors/libspp.a(spp_clamav.o): In function `ClamAVInit': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:520: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:530: undefined reference to `cl_buildtrie' preprocessors/libspp.a(spp_clamav.o): In function `ClamAVReloadDB': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:580: undefined reference to `cl_freetrie' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:585: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:595: undefined reference to `cl_buildtrie' collect2: ld returned 1 exit status From: Ihab el Bakri Sent: Wednesday, February 10, 2010 12:08 PM To: ade...@sq... ; sno...@li... Subject: RE: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, Try an older version of clamav, may be 0.85 Best regards Ihab el Bakri -------------------------------------------------------------------------------- From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 10:49:31 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav here the make compilation errors : gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/include/libipq -I/usr/include -fno-strict-aliasing -g -O2 -Wall -DDYNAMIC_PLUGIN -DGIDS -DCLAMAV -fno-strict-aliasing -c spp_clamav.c spp_clamav.c: In function ProcessPorts: spp_clamav.c:191: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c: In function ParseClamAVArgs: spp_clamav.c:306: attention : pointer targets in initialization differ in signedness spp_clamav.c:356: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c:365: attention : pointer targets in passing argument 1 of ProcessPorts differ in signedness spp_clamav.c: In function ClamAVInit: spp_clamav.c:520: attention : implicit declaration of function cl_loaddbdir spp_clamav.c:530: attention : implicit declaration of function cl_buildtrie spp_clamav.c:537: erreur: invalid application of sizeof to incomplete type struct cl_limits spp_clamav.c:539: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:541: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:543: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:545: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:547: erreur: invalid use of undefined type struct cl_limits spp_clamav.c: In function ClamAVReloadDB: spp_clamav.c:580: attention : implicit declaration of function cl_freetrie spp_clamav.c: In function strip_http_headers_p: spp_clamav.c:650: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:650: attention : pointer targets in assignment differ in signedness spp_clamav.c:663: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:663: attention : pointer targets in assignment differ in signedness spp_clamav.c:678: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:678: attention : pointer targets in assignment differ in signedness spp_clamav.c:706: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:706: attention : pointer targets in assignment differ in signedness spp_clamav.c: In function StoreAndScan: spp_clamav.c:877: attention : passing argument 4 of cl_scandesc from incompatible pointer type spp_clamav.c:877: attention : passing argument 5 of cl_scandesc makes integer from pointer without a cast spp_clamav.c:877: erreur: too many arguments to function cl_scandesc From: Alain DEGUILLE Sent: Tuesday, February 09, 2010 4:46 PM To: sno...@li... Subject: snort_inline 2.6.1.5 with clamav Hi, I try to compilate snort_inline 2.6.1.5 with clamav (--enable-clamav) version : clamav-devel-0.95.3-1.el5.rf The configure script generate the makefile without any error, but at the make step, the make stop with some clamav errors. Does somebody have a working snort_inline 2.6.1.5 with clamav ? -------------------------------------------------------------------------------- Hotmail: Trusted email with powerful SPAM protection. Sign up now. -------------------------------------------------------------------------------- Hotmail: Powerful Free email with security by Microsoft. Get it now. |
|
From: Ihab el B. <iha...@ho...> - 2010-02-10 11:33:50
|
Hi, looks like you havent installed following packages libclamav-dev libclamav3 libclamav5 clamav it should configure with clamav version 0.90 Best regards Ihab El Bakri From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 12:14:26 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, I'd allready tried to compile with these : ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.94/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93.3/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.91/libclamav/ and now ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.85/libclamav/ Each time, i had same or different errors about clamav. This time these : preprocessors/libspp.a(spp_clamav.o): In function `ClamAVInit': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:520: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:530: undefined reference to `cl_buildtrie' preprocessors/libspp.a(spp_clamav.o): In function `ClamAVReloadDB': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:580: undefined reference to `cl_freetrie' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:585: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:595: undefined reference to `cl_buildtrie' collect2: ld returned 1 exit status From: Ihab el Bakri Sent: Wednesday, February 10, 2010 12:08 PM To: ade...@sq... ; sno...@li... Subject: RE: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, Try an older version of clamav, may be 0.85 Best regards Ihab el Bakri From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 10:49:31 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav here the make compilation errors : gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/include/libipq -I/usr/include -fno-strict-aliasing -g -O2 -Wall -DDYNAMIC_PLUGIN -DGIDS -DCLAMAV -fno-strict-aliasing -c spp_clamav.c spp_clamav.c: In function ProcessPorts: spp_clamav.c:191: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c: In function ParseClamAVArgs: spp_clamav.c:306: attention : pointer targets in initialization differ in signedness spp_clamav.c:356: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c:365: attention : pointer targets in passing argument 1 of ProcessPorts differ in signedness spp_clamav.c: In function ClamAVInit: spp_clamav.c:520: attention : implicit declaration of function cl_loaddbdir spp_clamav.c:530: attention : implicit declaration of function cl_buildtrie spp_clamav.c:537: erreur: invalid application of sizeof to incomplete type struct cl_limits spp_clamav.c:539: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:541: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:543: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:545: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:547: erreur: invalid use of undefined type struct cl_limits spp_clamav.c: In function ClamAVReloadDB: spp_clamav.c:580: attention : implicit declaration of function cl_freetrie spp_clamav.c: In function strip_http_headers_p: spp_clamav.c:650: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:650: attention : pointer targets in assignment differ in signedness spp_clamav.c:663: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:663: attention : pointer targets in assignment differ in signedness spp_clamav.c:678: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:678: attention : pointer targets in assignment differ in signedness spp_clamav.c:706: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:706: attention : pointer targets in assignment differ in signedness spp_clamav.c: In function StoreAndScan: spp_clamav.c:877: attention : passing argument 4 of cl_scandesc from incompatible pointer type spp_clamav.c:877: attention : passing argument 5 of cl_scandesc makes integer from pointer without a cast spp_clamav.c:877: erreur: too many arguments to function cl_scandesc From: Alain DEGUILLE Sent: Tuesday, February 09, 2010 4:46 PM To: sno...@li... Subject: snort_inline 2.6.1.5 with clamav Hi, I try to compilate snort_inline 2.6.1.5 with clamav (--enable-clamav) version : clamav-devel-0.95.3-1.el5.rf The configure script generate the makefile without any error, but at the make step, the make stop with some clamav errors. Does somebody have a working snort_inline 2.6.1.5 with clamav ? Hotmail: Trusted email with powerful SPAM protection. Sign up now. _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 |
|
From: Alain D. <ade...@sq...> - 2010-02-10 11:17:31
|
Hi, I'd allready tried to compile with these : ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.94/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93.3/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.93/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92.1/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.92/libclamav/ ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.91/libclamav/ and now ./configure --enable-clamav --with-clamav-includes=/usr/local/clamav-0.85/libclamav/ Each time, i had same or different errors about clamav. This time these : preprocessors/libspp.a(spp_clamav.o): In function `ClamAVInit': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:520: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:530: undefined reference to `cl_buildtrie' preprocessors/libspp.a(spp_clamav.o): In function `ClamAVReloadDB': /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:580: undefined reference to `cl_freetrie' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:585: undefined reference to `cl_loaddbdir' /usr/local/snort_inline-2.6.1.5/src/preprocessors/spp_clamav.c:595: undefined reference to `cl_buildtrie' collect2: ld returned 1 exit status From: Ihab el Bakri Sent: Wednesday, February 10, 2010 12:08 PM To: ade...@sq... ; sno...@li... Subject: RE: [Snort-inline-users] snort_inline 2.6.1.5 with clamav Hi, Try an older version of clamav, may be 0.85 Best regards Ihab el Bakri -------------------------------------------------------------------------------- From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 10:49:31 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav here the make compilation errors : gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/include/libipq -I/usr/include -fno-strict-aliasing -g -O2 -Wall -DDYNAMIC_PLUGIN -DGIDS -DCLAMAV -fno-strict-aliasing -c spp_clamav.c spp_clamav.c: In function ProcessPorts: spp_clamav.c:191: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c: In function ParseClamAVArgs: spp_clamav.c:306: attention : pointer targets in initialization differ in signedness spp_clamav.c:356: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c:365: attention : pointer targets in passing argument 1 of ProcessPorts differ in signedness spp_clamav.c: In function ClamAVInit: spp_clamav.c:520: attention : implicit declaration of function cl_loaddbdir spp_clamav.c:530: attention : implicit declaration of function cl_buildtrie spp_clamav.c:537: erreur: invalid application of sizeof to incomplete type struct cl_limits spp_clamav.c:539: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:541: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:543: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:545: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:547: erreur: invalid use of undefined type struct cl_limits spp_clamav.c: In function ClamAVReloadDB: spp_clamav.c:580: attention : implicit declaration of function cl_freetrie spp_clamav.c: In function strip_http_headers_p: spp_clamav.c:650: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:650: attention : pointer targets in assignment differ in signedness spp_clamav.c:663: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:663: attention : pointer targets in assignment differ in signedness spp_clamav.c:678: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:678: attention : pointer targets in assignment differ in signedness spp_clamav.c:706: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:706: attention : pointer targets in assignment differ in signedness spp_clamav.c: In function StoreAndScan: spp_clamav.c:877: attention : passing argument 4 of cl_scandesc from incompatible pointer type spp_clamav.c:877: attention : passing argument 5 of cl_scandesc makes integer from pointer without a cast spp_clamav.c:877: erreur: too many arguments to function cl_scandesc From: Alain DEGUILLE Sent: Tuesday, February 09, 2010 4:46 PM To: sno...@li... Subject: snort_inline 2.6.1.5 with clamav Hi, I try to compilate snort_inline 2.6.1.5 with clamav (--enable-clamav) version : clamav-devel-0.95.3-1.el5.rf The configure script generate the makefile without any error, but at the make step, the make stop with some clamav errors. Does somebody have a working snort_inline 2.6.1.5 with clamav ? -------------------------------------------------------------------------------- Hotmail: Trusted email with powerful SPAM protection. Sign up now. |
|
From: Ihab el B. <iha...@ho...> - 2010-02-10 11:08:21
|
Hi, Try an older version of clamav, may be 0.85 Best regards Ihab el Bakri From: ade...@sq... To: sno...@li... Date: Wed, 10 Feb 2010 10:49:31 +0100 Subject: Re: [Snort-inline-users] snort_inline 2.6.1.5 with clamav here the make compilation errors : gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/include/libipq -I/usr/include -fno-strict-aliasing -g -O2 -Wall -DDYNAMIC_PLUGIN -DGIDS -DCLAMAV -fno-strict-aliasing -c spp_clamav.c spp_clamav.c: In function ProcessPorts: spp_clamav.c:191: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c: In function ParseClamAVArgs: spp_clamav.c:306: attention : pointer targets in initialization differ in signedness spp_clamav.c:356: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c:365: attention : pointer targets in passing argument 1 of ProcessPorts differ in signedness spp_clamav.c: In function ClamAVInit: spp_clamav.c:520: attention : implicit declaration of function cl_loaddbdir spp_clamav.c:530: attention : implicit declaration of function cl_buildtrie spp_clamav.c:537: erreur: invalid application of sizeof to incomplete type struct cl_limits spp_clamav.c:539: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:541: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:543: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:545: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:547: erreur: invalid use of undefined type struct cl_limits spp_clamav.c: In function ClamAVReloadDB: spp_clamav.c:580: attention : implicit declaration of function cl_freetrie spp_clamav.c: In function strip_http_headers_p: spp_clamav.c:650: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:650: attention : pointer targets in assignment differ in signedness spp_clamav.c:663: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:663: attention : pointer targets in assignment differ in signedness spp_clamav.c:678: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:678: attention : pointer targets in assignment differ in signedness spp_clamav.c:706: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:706: attention : pointer targets in assignment differ in signedness spp_clamav.c: In function StoreAndScan: spp_clamav.c:877: attention : passing argument 4 of cl_scandesc from incompatible pointer type spp_clamav.c:877: attention : passing argument 5 of cl_scandesc makes integer from pointer without a cast spp_clamav.c:877: erreur: too many arguments to function cl_scandesc From: Alain DEGUILLE Sent: Tuesday, February 09, 2010 4:46 PM To: sno...@li... Subject: snort_inline 2.6.1.5 with clamav Hi, I try to compilate snort_inline 2.6.1.5 with clamav (--enable-clamav) version : clamav-devel-0.95.3-1.el5.rf The configure script generate the makefile without any error, but at the make step, the make stop with some clamav errors. Does somebody have a working snort_inline 2.6.1.5 with clamav ? _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 |
|
From: Alain D. <ade...@sq...> - 2010-02-10 09:52:59
|
here the make compilation errors : gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/include/libipq -I/usr/include -fno-strict-aliasing -g -O2 -Wall -DDYNAMIC_PLUGIN -DGIDS -DCLAMAV -fno-strict-aliasing -c spp_clamav.c spp_clamav.c: In function ProcessPorts: spp_clamav.c:191: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c: In function ParseClamAVArgs: spp_clamav.c:306: attention : pointer targets in initialization differ in signedness spp_clamav.c:356: attention : pointer targets in passing argument 1 of mSplit differ in signedness spp_clamav.c:365: attention : pointer targets in passing argument 1 of ProcessPorts differ in signedness spp_clamav.c: In function ClamAVInit: spp_clamav.c:520: attention : implicit declaration of function cl_loaddbdir spp_clamav.c:530: attention : implicit declaration of function cl_buildtrie spp_clamav.c:537: erreur: invalid application of sizeof to incomplete type struct cl_limits spp_clamav.c:539: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:541: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:543: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:545: erreur: invalid use of undefined type struct cl_limits spp_clamav.c:547: erreur: invalid use of undefined type struct cl_limits spp_clamav.c: In function ClamAVReloadDB: spp_clamav.c:580: attention : implicit declaration of function cl_freetrie spp_clamav.c: In function strip_http_headers_p: spp_clamav.c:650: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:650: attention : pointer targets in assignment differ in signedness spp_clamav.c:663: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:663: attention : pointer targets in assignment differ in signedness spp_clamav.c:678: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:678: attention : pointer targets in assignment differ in signedness spp_clamav.c:706: attention : pointer targets in passing argument 1 of strstr differ in signedness spp_clamav.c:706: attention : pointer targets in assignment differ in signedness spp_clamav.c: In function StoreAndScan: spp_clamav.c:877: attention : passing argument 4 of cl_scandesc from incompatible pointer type spp_clamav.c:877: attention : passing argument 5 of cl_scandesc makes integer from pointer without a cast spp_clamav.c:877: erreur: too many arguments to function cl_scandesc From: Alain DEGUILLE Sent: Tuesday, February 09, 2010 4:46 PM To: sno...@li... Subject: snort_inline 2.6.1.5 with clamav Hi, I try to compilate snort_inline 2.6.1.5 with clamav (--enable-clamav) version : clamav-devel-0.95.3-1.el5.rf The configure script generate the makefile without any error, but at the make step, the make stop with some clamav errors. Does somebody have a working snort_inline 2.6.1.5 with clamav ? |
133 messages has been excluded from this view by a project administrator.
