make pf to detect and drop virus/malware packets
olli hauer
ohauer at gmx.de
Wed Mar 2 21:52:30 UTC 2011
On 2011-03-02 21:51, Richard Brendörfer wrote:
> Hi,
> this is the first time when I write on mailing list.
> If this subject was discussed in the past please don't shoot me, just trow
> me a bone.
>
> I was wonder if pf can detect packets that match a signature/fingerprint of
> a virus, like it makes with the OS fingerprints.
>
> Let's assume that I start to download eicar then pf 'see' the signature of
> the pachet(s) and drop the connection.
> Is this possible ?
>
Not direct with pf, but in combination with snort and sortsam.
More information about the freebsd-pf
mailing list