[Oisf-users] Last ET update broken on Hyperscan
Victor Julien
lists at inliniac.net
Wed Jul 19 08:56:36 UTC 2017
On 19-07-17 10:34, Sascha Steinbiss wrote:
> Hi all,
>
>> Quick heads up: yesterday's ET update breaks on Hyperscan. Not sure which
>> rule, or if it's Open or Pro only.
>
> I've done some quick narrowing down using 'suricata -S' and the ET daily
> changelog
> (https://www.proofpoint.com/us/daily-ruleset-update-summary-20170718).
> Result: For me commenting out the rule with SID 2827194 in
> etpro-mobile_malware.rules fixed the issue.
Great, thanks.
The rule has 'dsize:21;' followed by a 22 byte pattern. So Hyperscan is
correct.
Suricata shouldn't crash like this of course, I opened
https://redmine.openinfosecfoundation.org/issues/2187 for that.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
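The mismatch described in the message above (an exact 'dsize' smaller than a content pattern in the same rule) can be caught before a ruleset is loaded. The following lint check is an added example, not part of the original message and not Suricata or ET code; the sample rules and their SIDs are constructed, and only the 'dsize:N' and 'dsize:<N' forms are evaluated (other dsize forms are skipped).

```python
import re
# Constructed sample rules (the text of SID 2827194 is not on the page).
SAMPLE_RULES = [
    'alert tcp any any -> any any (msg:"constructed bad"; dsize:21; '
    'content:"ABCDEFGHIJKLMNOPQRSTUV"; sid:1000001; rev:1;)',
    'alert tcp any any -> any any (msg:"constructed ok"; dsize:8; '
    'content:"GET |0d 0a|"; content:!"LONGER-THAN-8-BYTES"; sid:1000002; rev:1;)',
    'alert udp any any -> any any (msg:"constructed bad hex"; dsize:<4; '
    'content:"|de ad be ef|"; sid:1000003; rev:1;)',
]
CONTENT_RE = re.compile(r'content\s*:\s*(!?)\s*"((?:\\.|[^"\\])*)"')
DSIZE_RE = re.compile(r'dsize\s*:\s*(<?)\s*(\d+)\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def content_length(pattern):
    """Byte length of a content pattern: |hex| runs decoded, backslash escapes = 1 byte."""
    length, hex_digits, i, in_hex = 0, 0, 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == '|':
            in_hex = not in_hex          # pipes delimit a run of hex byte values
        elif in_hex:
            if ch in '0123456789abcdefABCDEF':
                hex_digits += 1          # whitespace between hex bytes is ignored
        elif ch == '\\' and i + 1 < len(pattern):
            length, i = length + 1, i + 1  # escaped character counts once
        else:
            length += 1
        i += 1
    return length + hex_digits // 2

def lint(rules):
    """Return (sid, max_payload, content_bytes) for contents that cannot fit in dsize."""
    findings = []
    for rule in rules:
        m = DSIZE_RE.search(rule)
        if not m:                        # no dsize, or a form without a simple upper bound
            continue
        limit = int(m.group(2)) - (1 if m.group(1) else 0)
        sid = SID_RE.search(rule)
        for negated, pattern in CONTENT_RE.findall(rule):
            size = content_length(pattern)
            if not negated and size > limit:   # negated contents may exceed dsize
                findings.append((int(sid.group(1)) if sid else None, limit, size))
    return findings

if __name__ == "__main__":
    for sid, limit, size in lint(SAMPLE_RULES):
        print(f"sid {sid}: {size}-byte content cannot fit in a payload of at most {limit} bytes")
```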