[Oisf-users] filesha256/filemd5
erik clark
philosnef at gmail.com
Thu Feb 16 17:37:44 UTC 2017
Ok, so I am running 3.1.3, and I am getting an error,
"SC_ERR_INVALID_SIGNATURE
My signature is just:
alert http any any -> any any (msg:"blacklist";
filesha256:sha256-chksum.list; filestore; sid: 667; rev:1;)
Any ideas why I am getting this error?
On Thu, Feb 9, 2017 at 11:58 AM, erik clark <philosnef at gmail.com> wrote:
> Thank you! Looks good now.
>
> On Thu, Feb 9, 2017 at 11:01 AM, Peter Manev <petermanev at gmail.com> wrote:
>
>> On Thu, Feb 9, 2017 at 4:50 PM, erik clark <philosnef at gmail.com> wrote:
>> > Is it possible to do a filesha256 instead of filemd5? I only see
>> > documentation on filemd5, but have sha256 sums. How can I alert on files
>> > with sha256 sums? Thanks!
>> >
>>
>>
>> The routine is the same -
>> alert http any any -> any any (msg:"Black list checksum match and
>> extract SHA256"; filesha256:fileextraction-chksum.list; filestore;
>> sid:666; rev:1;)
>> and then the file - fileextraction-chksum.list in your rules directory
>> will contain the sha256 sums
>>
>> Can you please open a doc issue on our redmine for that.
>>
>> Thank you
>>
>>
>>
>> >
>> > _______________________________________________
>> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/suppor
>> t/
>> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/
>> oisf-users
>> >
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170216/353051ca/attachment-0002.html>
More information about the Oisf-users
mailing list