Snort mailing list archives

Snort-1.8.1-beta5 (build 56) available


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 24 Jul 2001 12:11:55 -0400

Ok, I haven't received any crash reports from anyone on beta4 in 24
hours, so either it's stable or nobody is using it. :)  On the off
chance that people are, I've just uploaded what will probably be the
last checkin before 1.8.1 is released, beta5.

Beta 5 has a couple tweaks to the tag code and one big fix that a lot of
people might appreciate: regex for wildcards.  For example, you can now
do this:

alert tcp any any -> $HOME_NET any \
        (flags: A+; \
        content: "|c08f e4ff ffff|/bin/*sh"; regex;\
        msg: "buffer overflow!"; sid: 2341239; rev: 1;)

Note the "*" wildcard in the content string.  You can also use "?" for
single character wildcards as well.  The "regex" keyword modifies the
prior content string; you use it to tell the pattern matcher to consider
any wildcard characters that it sees in the content string as regex
wildcards.  Note that right now you can't mix "nocase" and regex, I'll
see if I can change that before 1.8.1 release.

Beta5 is available in CVS and at
http://www.snort.org/files/snort-1.8.1-beta5.tar.gz
        
    -Marty
        
--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org
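
An added illustration of the wildcard behaviour described in the message above. It is not part of the original post and is not Snort's matcher code. It assumes glob-style semantics ("*" matches any run of bytes, including none; "?" matches exactly one byte). The function names and sample payloads are constructed for the example.

```python
import re

def compile_content(content, wildcards=False):
    """Turn a Snort-style content string into a compiled bytes pattern.

    |..| sections are hex bytes. Outside them, when wildcards is True
    (the rule carries "regex"), '*' matches any run of bytes and '?'
    matches exactly one byte; otherwise both are literal characters.
    These glob semantics are an assumption based on the message.
    """
    parts, hexbuf, in_hex = [], "", False
    for ch in content:
        if ch == "|":
            if in_hex:  # closing pipe: emit the collected hex bytes
                parts.append(re.escape(bytes.fromhex(hexbuf)))
                hexbuf = ""
            in_hex = not in_hex
        elif in_hex:
            hexbuf += ch
        elif wildcards and ch == "*":
            parts.append(b".*")
        elif wildcards and ch == "?":
            parts.append(b".")
        else:
            parts.append(re.escape(ch.encode("latin-1")))
    if in_hex:
        raise ValueError("unterminated |hex| section")
    # DOTALL so wildcards also span newline bytes in binary payloads
    return re.compile(b"".join(parts), re.DOTALL)

def content_matches(content, payload, wildcards=False):
    """True if the content pattern occurs anywhere in the payload."""
    return compile_content(content, wildcards).search(payload) is not None

# Constructed sample payloads (not captured traffic)
MARKER = bytes.fromhex("c08fe4ffffff")
SAMPLES = {
    "bash": b"\x90\x90" + MARKER + b"/bin/bash\x00",
    "sh": MARKER + b"/bin/sh\x00",
    "literal": MARKER + b"/bin/*sh",
    "no_marker": b"GET /bin/bash HTTP/1.0\r\n",
}
RULE_CONTENT = "|c08f e4ff ffff|/bin/*sh"  # content string from the rule above

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, content_matches(RULE_CONTENT, payload, True),
              content_matches(RULE_CONTENT, payload, False))
```

Under these assumed semantics "*" is unbounded, so the content also matches any payload where "sh" appears anywhere after the marker and "/bin/", which matters when judging false positives.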
