[Oisf-devel] Suricata 2.1beta4 Available!

Giuseppe Longo giuseppelng at gmail.com
Wed May 20 17:55:41 UTC 2015


Hi rmkml,
I've just sent a PR that should fix the issue,
you can see it here:
https://github.com/inliniac/suricata/pull/1495

I'm waiting for feedback from Victor,
I'll let you know!

Cheers,
Giuseppe

2015-05-08 18:27 GMT+02:00 rmkml <rmkml at yahoo.fr>:
> First, congrats to Victor, Eric, Anoop, Will and a few others for a new beta
> version,
>
> Suricata offers this new feature: smtp file_data support
>
> On feature #1283:
> 18/9/2014 -- 14:04:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
> Can't use file_data with flow:to_server or from_client with http.
>
> but it does not work for me with this sig:
> alert tcp any any -> any 25 (msg:"SMTP file_data test";
> flow:to_server,established; file_data; content:"abc";
> classtype:attempted-user; sid:1; rev:1;)
>
> Suricata v2.1 beta4 error output:
> 8/5/2015 -- 18:22:24 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
> Can't use file_data with flow:to_server or from_client with http or smtp.
> 8/5/2015 -- 18:22:24 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
> error parsing signature "alert tcp any any -> any 25 (msg:"SMTP file_data
> test"; flow:to_server,established; file_data; content:"abc";
> classtype:attempted-user; sid:1; rev:1;)" from file smtp.rules at line 1126
>
> Has anyone tested this or had the same problem, please?
>
> Best Regards
> @Rmkml
>
>
> On Fri, 8 May 2015, Victor Julien wrote:
>
>> ...
>> *New features*
>>
>> ...
>> Feature #885: smtp file_data support
>> ...
>


