[Oisf-users] Recommend version of 'file/libmagic' for suricata?
Cooper F. Nelson
cnelson at ucsd.edu
Thu Jul 11 07:04:01 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm very sorry, upon further review it turns out I actually found the
same bug as mentioned in issue #437.
More specifically, I had copied my own FILEMAGIC rule from another
sensor that had an older version of libmagic. I updated my signature
and now I am successfully capturing PE files (windows executables).
*But*, I did see a segfault now. I think I have the reassembly depth
too high, so I'll lower it a bit. Here is the error message:
> [130320.425920] AFPacketeth210[30006]: segfault at 7fdb38cb9f28 ip 00007fdb43f2ab3f sp 00007fdb38cb9f30 error 6 in libc-2.15.so[7fdb43f07000+19f000]
- -Coop
On 7/10/2013 11:57 PM, Peter Manev wrote:
> Hi,
>
> What does your configure line looks like?
> What is the output of suricata --build-info ?
>
> thanks
>
>
> On Thu, Jul 11, 2013 at 1:10 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> I thought I would try building suricata against file v.4.17
>
> libmagic was built and all relevant files copied to /opt/libmagic.
> Suricata was compiled against the libmagic libraries/headers in this
> directory.
>
> Checking the binary, it appears its still linked against the system library:
>
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJR3ljhAAoJEKIFRYQsa8FWWTsH/15oo6tlo6oMqJkckQ0CsLhh
F4rHUr90teBeQ3NwXY+QtMtrme6y3RKx711bPmB2XURLGK7nFE2yvOwDZq1ldjFD
6yY7G7Le/J0rACBvVkXAGQYA5XmP8dwLEn8/kkCTPNY8qphPo12CptpD0ZOyRsqU
+1xVX/u4c9zuqsZFZAC1bu+AIf2ExhAvFguKN8GyjZEol1d/x+e2ZwG978iO79CP
wD1zTSIU8NEYveHPfWl/vN0dRqgWYY7mcM6CRAN7bCnUG4xpVj/BX5iJ8WTcmGYT
QHBBHxZ8aBJDjszj5cxfQQNAf//c0eUB7dOYXV6K13sfMUFWf1+TW/FfaPmTpyo=
=wTrK
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list