[Oisf-devel] Suricata 2.1beta4 Available!

rmkml rmkml at yahoo.fr
Fri May 8 16:27:09 UTC 2015


First, congrats to Victor, Eric, Anoop, Will and a few others on the new beta version.

Suricata offers this new feature: smtp file_data support

On feature #1283:
18/9/2014 -- 14:04:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or from_client with http.

but it does not work for me with this sig:
alert tcp any any -> any 25 (msg:"SMTP file_data test"; flow:to_server,established; file_data; content:"abc"; classtype:attempted-user; sid:1; rev:1;)

Suricata v2.1 beta4 error output:
8/5/2015 -- 18:22:24 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or from_client with http or smtp.
8/5/2015 -- 18:22:24 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any 25 (msg:"SMTP file_data test"; flow:to_server,established; file_data; content:"abc"; classtype:attempted-user; sid:1; rev:1;)" from file smtp.rules at line 1126

Has anyone tested this or have the same problem, please?

Best Regards
@Rmkml


On Fri, 8 May 2015, Victor Julien wrote:

> ...
> *New features*
>
> ...
> Feature #885: smtp file_data support
> ...


