[Oisf-users] What could be the reason behind this failure?

Victor Julien lists at inliniac.net
Mon Mar 12 07:43:11 UTC 2018


On 12-03-18 04:49, Blason R wrote:
> I am trying to load certain sigs/rules but its failing any reason why or
> how do I debug it?
> 
> 12/3/2018 -- 09:14:41 - <Error> - [ERRCODE:
> SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop udp any
> any -> any 53 (msg: "CleanDNS_Phase1: Malicious domain
> xxlvbrloxvriy2c5.onion"; content:"|10|xxlvbrloxvriy2c5|05|onion|00|";
> nocase;
> reference:url,app.threatconnect.com/auth/indicators/details/host.xhtml?host=xxlvbrloxvriy2c5.onion
> <http://app.threatconnect.com/auth/indicators/details/host.xhtml?host=xxlvbrloxvriy2c5.onion>;
> sid:5700006; rev:1;)" from file /etc/suricata/rules/dnstunnel.rules at
> line 9
> 12/3/2018 -- 09:14:41 - <Error> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)]
> - Loading signatures failed.

It parses correctly here. I suspect there will be an error line above
this telling you the 'url' reference doesn't exist. If so, the solution
would be to load a proper reference.config file.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-users mailing list