[Oisf-devel] suricata: byte_jump and content after not supported
Will Metcalf
william.metcalf at gmail.com
Thu May 20 19:13:16 UTC 2010
Cool. Thanks rmkml!
Regards,
Will
On Thu, May 20, 2010 at 11:55 AM, rmkml <rmkml at free.fr> wrote:
> thx for reply will,
> Im opened ticket #163 for this.
> Regards
> Rmkml
>
>
> On Thu, 20 May 2010, Will Metcalf wrote:
>
>> This appears to be a bug on our end. This should be supported. Please go
>> ahead and open a ticket, otherwise I can.
>>
>> Regards,
>>
>> Will
>>>
>>> On Thu, 2010-05-20 at 14:59 +0200, rmkml wrote:
>>> Hi,
>>> Before opening a ticket, I prefer speak on this.
>>> Ok I have an error with this signature:
>>> [22914] 20/5/2010 -- 17:08:17 - (detect-within.c:177) <Error>
>>> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(101)] -
>>> within needs two preceeding content or uricontent options
>>> [22914] 20/5/2010 -- 17:08:17 - (detect.c:319) <Error>
>>> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error
>>> parsing signature
>>> "alert tcp any 80 -> any any (msg:"suricata test";
>>> flow:from_server,established; byte_jump:1,2; content:"|00|"; within:1;
>>> distance:2;
>>> classtype:attempted-admin; sid:98711212; rev:1;)" from file ...
>>>
>>> This test work on snort.
>>> Anyone have a comment please?
>>> or maybe a ticket is already opened?
>>> Regards
>>> Rmkml
>>> _______________________________________________
>>> Oisf-devel mailing list
>>> Oisf-devel at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>
>>
>
More information about the Oisf-devel
mailing list