[Oisf-users] Suricata Segfault With Sig:

Kevin Ross kevross33 at googlemail.com
Wed Aug 6 11:09:33 UTC 2014


Hi,

I am trying out some local sigs. Whenever I enable this rule or even strip
out some of the content matches it just segfaults. I have others like it
too and they all reach the same but I cannot seem to spot what is wrong and
I thought if there is an error in the rule syntax it should just skip over
it anyway? I am using version 2.0 on this sensor.

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE-CNC Potential
CnC Response DONE"; flow:established,to_client; content:"200";
http_stat_code; content:"OK"; http_stat_msg; content:"Content-Length|3A|
4|0D 0A|"; http_header; file_data; content:"DONE"; within:4;
classtype:trojan-activity; sid:1769992; rev;1;)

Thanks,
Kevin
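
A pre-load option check for the rule quoted above, as an added example that is not part of the original message and not Suricata's own parser. The keyword sets are an assumption covering only the options this rule uses. Run on the rule as posted, it reports `rev` without a value and a stray `1` option.

```python
# Added example. Keyword sets cover only the options used in the posted rule;
# they are an assumption for this sketch, not Suricata's full keyword list.
NEEDS_VALUE = {"msg", "flow", "content", "within", "classtype", "sid", "rev"}
NO_VALUE = {"http_stat_code", "http_stat_msg", "http_header", "file_data"}

# Rule text copied from the post, with the e-mail line wraps joined by a space.
RULE = (
    'alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE-CNC Potential '
    'CnC Response DONE"; flow:established,to_client; content:"200"; '
    'http_stat_code; content:"OK"; http_stat_msg; content:"Content-Length|3A| '
    '4|0D 0A|"; http_header; file_data; content:"DONE"; within:4; '
    'classtype:trojan-activity; sid:1769992; rev;1;)'
)

def split_options(rule):
    """Split the text inside the outer parentheses on ';', ignoring ';' that
    is backslash-escaped or inside a double-quoted value."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, cur, quoted, i = [], "", False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep an escaped pair together
            cur += body[i:i + 2]
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    if cur.strip():
        opts.append(cur.strip())               # last option lacked its ';'
    return opts

def lint(rule):
    """Return a list of findings; an empty list means every option parsed."""
    findings = []
    for opt in split_options(rule):
        name, sep, value = opt.partition(":")
        name = name.strip()
        if name in NEEDS_VALUE and not value.strip():
            findings.append(f"'{name}' needs a value, written {name}:<value>;")
        elif name in NO_VALUE and sep:
            findings.append(f"'{name}' takes no value")
        elif name not in NEEDS_VALUE | NO_VALUE:
            findings.append(f"unknown keyword '{name}'")
    return findings
```

Calling `lint(RULE)` returns the findings as a list, so the check can gate a rule file before it is handed to the sensor.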