[Oisf-devel] Suricata 1.3beta1 is ready for testing
Anoop Saldanha
anoopsaldanha at gmail.com
Thu Apr 5 04:21:42 UTC 2012
On Thu, Apr 5, 2012 at 5:27 AM, rmkml <rmkml at yahoo.fr> wrote:
> Hi,
> First: Congratulations Victor and all Oisf team and community!
>
> Im request a upgrade for byte_extract please:
> -suricata not support negative distance on byte_extract like this sig:
>
> alert tcp any 80 -> any any (msg:"test byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0;
> byte_extract:1,-1,ici,relative,big; classtype:web-application-activity; sid:94230265; rev:1;)
>
> suricata output error results:
> 5/4/2012 -- 01:54:10 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any 80 -> any any (msg:"test
> byte_extract"; flow:to_client,established; file_data; content:"abc"; distance:0; byte_extract:1,-1,ici,relative,big;
> classtype:web-application-activity; sid:94230265; rev:1;)" from file testsuricata.rules at line 3
>
> If anyone confirm, Im open a new ticket on redmine.
>
> Regards
> Rmkml
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
Create a bug for this.
--
Anoop Saldanha
More information about the Oisf-devel
mailing list