[Oisf-users] Suricata - test rule ignored/not dropping.
Victor Julien
victor at inliniac.net
Tue Jul 27 07:56:36 UTC 2010
Morgan Cox wrote:
> Previously I have used
>
>
> drop tcp any any -> any 80 (classtype:attempted-user; msg:"Port 80
> connection initiated";)
>
> But it errors:-
>
> [1296] 26/7/2010 -- 14:53:01 - (detect.c:301) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error
> parsing signature "drop tcp any any -> any 80 (msg:"Snort_Inline is
> blocking the http link";) " from file
> /etc/suricata/rules/emerging-malware.rules at line 1314
This is a silly bug on our end. As you can see in the error message,
there is a trailing space after the signature. Our regex didn't handle
that. Will be fixed in 1.0.1.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
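
An added example, not part of the original message and not Suricata code: a pre-load check that finds signature lines ending in whitespace after the closing parenthesis, the condition described in the reply above, and returns a cleaned copy of the rule text. The action list, the function names and the handling of a stray carriage return are assumptions; the sample rules are constructed.

```python
import re

# Rule actions that start a signature line (assumption: the basic keywords;
# extend the tuple if your rule set uses others).
ACTIONS = ("alert", "drop", "pass", "reject")

# A signature line: action, header, option block ending in ")", followed by
# whitespace up to the end of the line. A stray "\r" is counted as well
# (assumption; the post itself only mentions a trailing space).
SIG_TRAILING_WS = re.compile(
    r"^\s*(?:%s)\s.*\)(?P<ws>[ \t\r\f\v]+)$" % "|".join(ACTIONS)
)


def find_trailing_whitespace(rules_text):
    """Return [(line_number, trailing_whitespace)] for affected signatures."""
    hits = []
    for number, line in enumerate(rules_text.split("\n"), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are not loaded
        match = SIG_TRAILING_WS.match(line)
        if match:
            hits.append((number, match.group("ws")))
    return hits


def strip_trailing_whitespace(rules_text):
    """Return the rule text with whitespace after each signature removed."""
    cleaned = []
    for line in rules_text.split("\n"):
        if SIG_TRAILING_WS.match(line):
            line = line.rstrip()  # only touches what follows the final ")"
        cleaned.append(line)
    return "\n".join(cleaned)


# Constructed sample rule file: comment, clean rule, trailing space, CRLF.
SAMPLE = (
    '# drop tcp any any -> any 80 (msg:"commented out";) \n'
    'alert tcp any any -> any 80 (msg:"clean rule";)\n'
    'drop tcp any any -> any 80 (msg:"Snort_Inline is blocking the http link";) \n'
    'drop tcp any any -> any 80 (msg:"CRLF line ending";)\r\n'
)

if __name__ == "__main__":
    for number, ws in find_trailing_whitespace(SAMPLE):
        print("line %d: trailing %r" % (number, ws))
```

Running the check on a rule file before loading it shows which line numbers to fix on versions that still have the parsing bug.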