[Oisf-users] Recommend version of 'file/libmagic' for suricata?

Cooper F. Nelson cnelson at ucsd.edu
Thu Jul 11 07:04:01 UTC 2013



I'm very sorry, upon further review it turns out I actually found the
same bug as mentioned in issue #437.

More specifically, I had copied my own FILEMAGIC rule from another
sensor that had an older version of libmagic.  I updated my signature
and now I am successfully capturing PE files (Windows executables).

*But*, I did see a segfault now.  I think I have the reassembly depth
too high, so I'll lower it a bit.  Here is the error message:

> [130320.425920] AFPacketeth210[30006]: segfault at 7fdb38cb9f28 ip 00007fdb43f2ab3f sp 00007fdb38cb9f30 error 6 in libc-2.15.so[7fdb43f07000+19f000]

-Coop

On 7/10/2013 11:57 PM, Peter Manev wrote:
> Hi,
> 
> What does your configure line look like?
> What is the output of suricata --build-info?
> 
> thanks
> 
> 
> On Thu, Jul 11, 2013 at 1:10 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> I thought I would try building suricata against file v.4.17
> 
> libmagic was built and all relevant files copied to /opt/libmagic.
> Suricata was compiled against the libmagic libraries/headers in this
> directory.
> 
> Checking the binary, it appears it's still linked against the system library:
> 


--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042