[Oisf-users] Lot of errors with latest rule updates

C. L. Martinez carlopmart at gmail.com
Tue Dec 16 08:59:45 UTC 2014

Hi all,

 After upgrading to suricata 2.0.5 from 2.0.4, suricata returns a lot
of errors like these:

16/12/2014 -- 08:56:57 - <Error> - [ERRCODE:
SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ftp" cannot be used in a
signature.  Either detection for this protocol supported yet OR
detection has been disabled for protocol through the yaml option
16/12/2014 -- 08:56:57 - <Error> - [ERRCODE:
SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ftp
$HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ftpchk3.php
possible upload success"; flow:to_client,established; content:"|0d
0a|150 "; content:"ftpchk3.php|0d 0a|226 "; distance:0; nocase;
classtype:attempted-admin; sid:2018417; rev:3;)" from file
/data/config/etc/idpsuricata01/rules/ET-emerging-trojan.rules at line

 With 2.0.4 release, these rules works ok. Any idea how to fix these problems?

More information about the Oisf-users mailing list