> You need to Span/Mirror the traffic from your distribution > switch(es) to an ethernet card appropriate for the size of traffic you > see, 0-100mbps 100mbps ethernet, 100-1000 gigabit. And then run Snort > with all of the plugins to look for malicious traffic. There aren't > really network "virus" scanners so much as there are IDS detection > programs which will detect the traffic signatures of the 'worm/malware' > spreading software and alert you. As viruses are generally local host > problems but the 'spreading' of them you CAN detect. > > HTH. > > -Drew > > > -----Original Message----- > From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On > Behalf Of eric@xxxxxxxxxxxxxxxxxxxxxxxxxx > Sent: Tuesday, October 10, 2006 11:39 AM > To: centos@xxxxxxxxxx > Subject: [CentOS] antivirus sniffer/scanner for networks > > Is anyone aware of a package that can detect viri on the network & > possibly alert when there are? > > Here is the scenario: Our network is utilized by guest users all the > time, sometimes into the thousands. We see guests from all over with a > variety of OSs & hardware, all of which, we have no control or say in > that matter. > > I am looking for something that I can run in promiscuous mode and/or on > a span port that will sniff for viri and then alert/log when it sees a > virus. We can then track down the culprits' ip/mac and shut off the > switch port he/she is connected to and then visit with the guest to help > them clean their machine. > > Given the nature of our network and our guests' needs, an inline > solution is not an option. Although, I recall that squid supports WCCP, > I'm not sure that it would do what I am requesting. I also looked at > snort+libclamav, but the info was inconclusive. > > We are a CentOs shop and I have a spare dual xeon box that I can use for > the task. > > Thanks, > > Eric > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > Thanks, I will pursue the snort path then.... _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos