Hi,<br><br>I installated the new version of suricata from git today.<br><br>I get this error:<br><br><br>[13488] 29/11/2010 -- 16:17:26 - (detect-parse.c:629) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(<div id=":52">
100)] - unknown rule keyword 'file_data'.<br>
[13488] 29/11/2010 -- 16:17:26 - (detect.c:402) <Error> 
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error 
parsing signature "alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 
any (msg:"ET ACTIVEX DB Software Laboratory VImpX.ocx ActiveX Control 
Multiple Insecure Methods"; flow:to_client,established; file_data; 
content:"CLSID"; nocase; content:"7600707B-9F47-416D-8AB5-6FD96EA37968"; nocase;  pcre:"/(LogFile|ClearLogFile|SaveToFile)/i"; classtype:web-application-attack; reference:bugtraq,31907; reference:url,<a href="http://milw0rm.com/exploits/6828" target="_blank">milw0rm.com/exploits/6828</a>; reference:url,<a href="http://doc.emergingthreats.net/2008789" target="_blank">doc.emergingthreats.net/2008789</a>; reference:url,<a href="http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_DB_Software" target="_blank">www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_DB_Software</a>; sid:2008789; rev:5;)" from file /etc/suricata/rules/emerging-activex.rules at line 1460<br>

<br>If I remove file_data tag<br><br>i get this error:<br><br>[13491] 
29/11/2010 -- 16:18:10 - (detect-distance.c:312) <Error> 
(DetectDistanceSetup) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - No 
related previous-previous content or pcre keyword<br>
[13491] 29/11/2010 -- 16:18:10 - (detect.c:402) <Error> 
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error 
parsing signature "alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 
any (msg:"ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control 
Code Execution Attempt"; flow:to_client,established; 
content:"24DC3975-09BF-4231-8655-3EE71F43837D"; nocase; distance:0; content:".CustomCompositorClass"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*24DC3975-09BF-4231-8655-3EE71F43837D/si"; classtype:web-application-attack; reference:url,<a href="http://packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt" target="_blank">packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt</a>; sid:2011589; rev:5;)" from file /etc/suricata/rules/emerging-activex.rules at line 1526<br>

<br><br>Best regards!
</div>