make pf to detect and drop virus/malware packets

Richard Brendörfer neamtu at gmail.com
Wed Mar 2 21:49:40 UTC 2011


This looks interesting, thanks.

On Wed, Mar 2, 2011 at 11:25 PM, olli hauer <ohauer at gmx.de> wrote:

> On 2011-03-02 21:51, Richard Brendörfer wrote:
> > Hi,
> > this is the first time I write on a mailing list.
> > If this subject was discussed in the past please don't shoot me, just throw
> > me a bone.
> >
> > I was wondering if pf can detect packets that match a signature/fingerprint of
> > a virus, like it does with the OS fingerprints.
> >
> > Let's assume that I start to download eicar, then pf 'sees' the signature of
> > the packet(s) and drops the connection.
> > Is this possible?
> >
>
> Not directly with pf, but in combination with snort and snortsam.
>

