<html><body bgcolor="#FFFFFF"><div>There was a bug with nocase and http_header/http_method keywords.  You should use the latest version of code from the git repo or wait for 1.0.3</div><div><br></div><div>Regards,</div><div><br></div><div>Will<br><br></div><div>On Nov 26, 2010, at 10:50 AM, Matthew Jonkman <<a href="mailto:jonkman@emergingthreatspro.com">jonkman@emergingthreatspro.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>Hi Gerardo. We're working on the et sigs for suricata still. Most of the ruleset will load but we have a few strange bugs we're trying to figure out. <div><br></div><div>More soon there!</div><div><br></div><div>Matt</div><div><br><div><div>On Nov 26, 2010, at 8:14 AM, Gerardo De Felice wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Hello!<br>
    <br>
    on my Ubuntu 10.10 I installed suricata 1.0.2, the installation is
    ok, but when I run suricata for every rules i get this error
    "(detect.c:307) <Error> (DetectLoadSigFile) -- [ERRCODE:
    SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "<br>
    <br>
    I downloaded the rules from
    <a class="moz-txt-link-freetext" href="http://rules.emergingthreats.net/open/suricata/emerging.rules.zip"><a href="http://rules.emergingthreats.net/open/suricata/emerging.rules.zip">http://rules.emergingthreats.net/open/suricata/emerging.rules.zip</a></a>.<br>
    <br>
    <br>
    Best regards!
_______________________________________________<br>Oisf-users mailing list<br><a href="mailto:Oisf-users@openinfosecfoundation.org"><a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a></a><br><a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br></blockquote></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br>----------------------------------------------------<br>Matthew Jonkman</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><a href="http://Emergingthreats.net"><a href="http://Emergingthreats.net">Emergingthreats.net</a></a><br>Emerging Threats Pro<br>Open Information Security Foundation (OISF)<br>Phone 765-807-8630<br>Fax 312-264-0205<br><a href="http://www.emergingthreatspro.com">http://www.emergingthreatspro.com</a><br>http://www.openinfosecfoundation.org<br>----------------------------------------------------<br><br>PGP: http://www.jonkmans.com/mattjonkman.asc<br><br><br></div></span></div></span></div></span></span>
</div>
<br></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Oisf-users mailing list</span><br><span><a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a></span><br><span><a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br></div></blockquote></body></html>