Snort mailing list archives
stream based av and snort/Stream5
From: "lynch.meng" <lynch.meng () gmail com>
Date: Tue, 9 Mar 2010 23:22:48 +0800
Hello all!
I am working to develop a Snort preprocessor to do stream-based antivirus.
I need to do MIME decoding and decompression, so reassembled packets should come to my preprocessor sequentially.
Client-side packets have no problem, but I cannot get packets with the PKT_REBUILT_STREAM flag from the server side?
Snort version 2.8.x.
stream5 config:
preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
preprocessor stream5_tcp: policy first, ports both 80
thanks!
Current thread:
- stream based av and snort/Stream5 lynch.meng (Mar 09)
- Re: stream based av and snort/Stream5 Randal T. Rioux (Mar 09)
- <Possible follow-ups>
- Re: stream based av and snort/Stream5 lynch meng (Mar 09)
