[Oisf-devel] suricata: byte_jump and content after not supported

Will Metcalf william.metcalf at gmail.com
Thu May 20 15:24:29 UTC 2010


This appears to be a bug on our end. This should be supported. Please go
ahead and open a ticket, otherwise I can.

Regards,

Will
>On Thu, 2010-05-20 at 14:59 +0200, rmkml wrote:
> Hi,
> Before opening a ticket, I prefer speak on this.
> Ok I have an error with this signature:
>   [22914] 20/5/2010 -- 17:08:17 - (detect-within.c:177) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(101)] - within needs two preceeding content or uricontent options
>   [22914] 20/5/2010 -- 17:08:17 - (detect.c:319) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error parsing signature 
> "alert tcp any 80 -> any any (msg:"suricata test"; flow:from_server,established; byte_jump:1,2; content:"|00|"; within:1; distance:2;
>   classtype:attempted-admin; sid:98711212; rev:1;)" from file ...
> 
> This test work on snort.
> Anyone have a comment please?
> or maybe a ticket is already opened?
> Regards
> Rmkml
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100520/e24cda76/attachment.sig>


More information about the Oisf-devel mailing list