Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Alternate to Snortcenter2?

From: Jason Alexander <lists () itsecurity3 its uiowa edu>
Date: Wed, 28 Sep 2005 22:16:15 -0500
I'm looking into this now. It looks like I've found a couple of other issues like for some reason rule_combine script that I provide to pull all the rulesets together appears to be doing something to the community rules becasue I'm getting a major parse error on rule 100000135. 

It give me this
Unknown Rule option: 43 (msg:"COMMUNITY IMAP GNU Mailutils request tag format string vulnerability"; flow:to_server,established; content:"|25|"; pcre:"/^\S*\x25\S*\s/sm"; reference:cve,CAN-2005-1523; reference:bugtraq,13764; classtype:attempted-admin; sid:100000135; rev:1; 
-> 43 (msg
Wes if you have time can you try to load the 2.4 rule set and see if you get the same problem. 

Jason


East, Bill wrote:
Using vrt_pr/snortrules-pr-2.4.tar.gz 

The error was "Unknown Rule option", from parser.php

SID is 3441




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: