[Oisf-users] Last ET update broken on Hyperscan

Victor Julien lists at inliniac.net
Wed Jul 19 08:56:36 UTC 2017

On 19-07-17 10:34, Sascha Steinbiss wrote:
> Hi all,
>> Quick heads up: yesterdays ET update breaks on Hyperscan. Not sure which
>> rule, or if it's Open or Pro only.
> I've done some quick narrowing down using 'suricata -S' and the ET daily
> changelog
> (https://www.proofpoint.com/us/daily-ruleset-update-summary-20170718).
> Result: For me commenting out the rule with SID 2827194 in
> etpro-mobile_malware.rules fixed the issue.

Great, thanks.

The rule has 'dsize:21;' followed by a 22 byte pattern. So Hyperscan is

Suricata shouldn't crash like this of course, I opened
https://redmine.openinfosecfoundation.org/issues/2187 for that.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list