Date: Wed, 02 Mar 2011 22:25:19 +0100
From: olli hauer <ohauer@gmx.de>
To: Richard Brendörfer <neamtu@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: make pf to detect and drop virus/malware packets
Message-ID: <4D6EB5BF.5040309@gmx.de>
In-Reply-To: <AANLkTinZk0zAXzp%2B13LknpZeQbAUbrC2gKEHVuzGcSFm@mail.gmail.com>
References: <AANLkTinZk0zAXzp%2B13LknpZeQbAUbrC2gKEHVuzGcSFm@mail.gmail.com>

On 2011-03-02 21:51, Richard Brendörfer wrote:
> Hi,
> this is the first time I write on a mailing list.
> If this subject was discussed in the past please don't shoot me, just throw
> me a bone.
>
> I was wondering if pf can detect packets that match a signature/fingerprint of
> a virus, like it does with the OS fingerprints.
>
> Let's assume that I start to download eicar, then pf 'sees' the signature of
> the packet(s) and drops the connection.
> Is this possible?
>

Not directly with pf, but in combination with snort and snortsam.