[Oisf-users] Lot of errors with latest rule updates
C. L. Martinez
carlopmart at gmail.com
Tue Dec 16 08:59:45 UTC 2014
Hi all,
After upgrading to suricata 2.0.5 from 2.0.4, suricata returns a lot
of errors like these:
16/12/2014 -- 08:56:57 - <Error> - [ERRCODE:
SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ftp" cannot be used in a
signature. Either detection for this protocol supported yet OR
detection has been disabled for protocol through the yaml option
app-layer.protocols.ftp.detection-enabled
16/12/2014 -- 08:56:57 - <Error> - [ERRCODE:
SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ftp
$HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ftpchk3.php
possible upload success"; flow:to_client,established; content:"|0d
0a|150 "; content:"ftpchk3.php|0d 0a|226 "; distance:0; nocase;
reference:url,digitalpbk.blogspot.com/2009/10/ftpchk3-virus-php-pl-hacked-website.html;
reference:url,labs.mwrinfosecurity.com/system/assets/131/original/Journey-to-the-Centre-of-the-Breach.pdf;
classtype:attempted-admin; sid:2018417; rev:3;)" from file
/data/config/etc/idpsuricata01/rules/ET-emerging-trojan.rules at line
2494
With 2.0.4 release, these rules works ok. Any idea how to fix these problems?
More information about the Oisf-users
mailing list