Date: Wed, 2 Mar 2011 23:49:39 +0200
From: Richard Brendörfer <neamtu@gmail.com>
To: olli hauer <ohauer@gmx.de>
Cc: freebsd-pf@freebsd.org
Subject: Re: make pf to detect and drop virus/malware packets
Message-ID: <AANLkTik85bPrT52zZUiu3O3iuiB-Q=qTPNfgoobGKEb7@mail.gmail.com>
In-Reply-To: <4D6EB5BF.5040309@gmx.de>
References: <AANLkTinZk0zAXzp%2B13LknpZeQbAUbrC2gKEHVuzGcSFm@mail.gmail.com> <4D6EB5BF.5040309@gmx.de>

This looks interesting, thanks.

On Wed, Mar 2, 2011 at 11:25 PM, olli hauer <ohauer@gmx.de> wrote:

> On 2011-03-02 21:51, Richard Brendörfer wrote:
> > Hi,
> > this is the first time I write on a mailing list.
> > If this subject was discussed in the past please don't shoot me, just throw
> > me a bone.
> >
> > I was wondering if pf can detect packets that match a signature/fingerprint of
> > a virus, like it does with the OS fingerprints.
> >
> > Let's assume that I start to download eicar then pf 'sees' the signature of
> > the packet(s) and drops the connection.
> > Is this possible?
> >
>
> Not directly with pf, but in combination with snort and snortsam.
>