[Oisf-users] Rules

Anas.B a.bouhsaina at gmail.com
Wed Jun 16 13:52:27 UTC 2010 

Hello,

I've addedd the 2.8.5.3 rules
But still these errors !!!

[6521] 16/6/2010 -- 14:52:10 - (detect-bytetest.c:538) <Error>
(DetectBytetestSetup) -- [ERRCODE: SC_ERR_BYTETEST_MISSING_CONTENT(104)] -
relative bytetest match needs a previous content option
[6521] 16/6/2010 -- 14:52:10 - (detect.c:297) <Error> (DetectLoadSigFile) --
[ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error parsing signature "alert tcp
$EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC client
negative Content-Length attempt"; flow:to_server,established;
content:"Content-Length|3A|"; nocase; http_header;
byte_test:4,>,0x7FFFFFFF,0,relative,string,dec; metadata:policy balanced-ips
drop, policy security-ips drop, service http; reference:bugtraq,17879;
reference:bugtraq,9098; reference:bugtraq,9476; reference:bugtraq,9576;
reference:cve,2004-0095; reference:cve,2006-2162; classtype:misc-attack;
sid:2278; rev:15;)" from file /etc/suricata/rules/web-misc.rules at line 366
[6521] 16/6/2010 -- 14:52:10 - (detect-http-method.c:180) <Error>
(DetectHttpMethodSetup) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] -
http_method cannot be used with "fast_pattern"
[6521] 16/6/2010 -- 14:52:10 - (detect.c:297) <Error> (DetectLoadSigFile) --
[ERRCODE: SC_ERR_INVALID_SIGNATURE(37)] - Error parsing signature "alert tcp
$EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC Sun Java System
Web Server 7.0 WebDAV format string exploit attempt - LOCK method";
flow:to_server,established; content:"LOCK"; fast_pattern; nocase;
http_method; content:"encoding";
pcre:"/\<\?xml[^\>]+encoding\s*\=\s*(\'|\")[^\'\"\>\%]*\%/"; metadata:policy
balanced-ips drop, policy security-ips drop, service http;
reference:bugtraq,37910; reference:cve,2010-0388; classtype:attempted-user;
sid:16427; rev:1;)" from file /etc/suricata/rules/web-misc.rules at line 555
[6521] 16/6/2010 -- 14:52:12 - (detect.c:341) <Error> (SigLoadSignatures) --
[ERRCODE: SC_ERR_NO_RULES(40)] - No rules loaded from
/etc/suricata/rules/emerging-web.rules
[6521] 16/6/2010 -- 14:52:19 - (detect.c:382) <Info> (SigLoadSignatures) --
71 rule files processed. 11678 rules succesfully loaded, 482 rules failed

The rules are loaded or not ?

Thanks to you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100616/130abce5/attachment-0001.html

More information about the Oisf-users mailing list