[CentOS] antivirus sniffer/scanner for networks

eric at austinconventioncenter.com
Tue Oct 10 15:38:58 UTC 2006


Is anyone aware of a package that can detect viruses on the network &
possibly alert when there are any?

Here is the scenario: Our network is utilized by guest users all the
time, sometimes into the thousands. We see guests from all over with a
variety of OSs & hardware, all of which we have no control or say in.

I am looking for something that I can run in promiscuous mode and/or on a
span port that will sniff for viruses and then alert/log when it sees a
virus. We can then track down the culprit's IP/MAC and shut off the switch
port he/she is connected to and then visit with the guest to help them
clean their machine.

Given the nature of our network and our guests' needs, an inline solution
is not an option. Although I recall that squid supports WCCP, I'm not
sure that it would do what I am requesting. I also looked at
snort+libclamav, but the info was inconclusive.

We are a CentOS shop and I have a spare dual Xeon box that I can use for
the task.

Thanks,

Eric


