[Oisf-users] Suricata Segfault With Sig:

Kevin Ross kevross33 at googlemail.com
Wed Aug 6 11:10:46 UTC 2014


Correction on paragraph so it makes sense (tired):

I am trying out some local sigs. Whenever I enable this rule or even strip
out some of the content matches it just segfaults. I have others like it
too and they all do the same but I cannot seem to spot what is wrong. I
thought if there is an error in the rule syntax it should just skip over it
anyway? I am using version 2.0 on this sensor.


On 6 August 2014 12:09, Kevin Ross <kevross33 at googlemail.com> wrote:

> Hi,
>
> I am trying out some local sigs. Whenever I enable this rule or even strip
> out some of the content matches it just segfaults. I have others like it
> too and they all reach the same but I cannot seem to spot what is wrong and
> I thought if there is an error in the rule syntax it should just skip over
> it anyway? I am using version 2.0 on this sensor.
>
> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE-CNC Potential
> CnC Response DONE"; flow:established,to_client; content:"200";
> http_stat_code; content:"OK"; http_stat_msg; content:"Content-Length|3A|
> 4|0D 0A|"; http_header; file_data; content:"DONE"; within:4;
> classtype:trojan-activity; sid:1769992; rev;1;)
>
> Thanks,
> Kevin
>
>