![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Alternate to Snortcenter2?
From: Jason Alexander <lists () itsecurity3 its uiowa edu>
Date: Wed, 28 Sep 2005 22:16:15 -0500
I'm looking into this now. It looks like I've found a couple of other issues like for some reason rule_combine script that I provide to pull all the rulesets together appears to be doing something to the community rules becasue I'm getting a major parse error on rule 100000135.
It give me thisUnknown Rule option: 43 (msg:"COMMUNITY IMAP GNU Mailutils request tag format string vulnerability"; flow:to_server,established; content:"|25|"; pcre:"/^\S*\x25\S*\s/sm"; reference:cve,CAN-2005-1523; reference:bugtraq,13764; classtype:attempted-admin; sid:100000135; rev:1;
-> 43 (msgWes if you have time can you try to load the 2.4 rule set and see if you get the same problem.
Jason East, Bill wrote:
Using vrt_pr/snortrules-pr-2.4.tar.gzThe error was "Unknown Rule option", from parser.php SID is 3441
------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alternate to Snortcenter2? East, Bill (Sep 23)
- Re: Alternate to Snortcenter2? Wes Young (Sep 23)
- <Possible follow-ups>
- RE: Alternate to Snortcenter2? East, Bill (Sep 23)
- Re: Alternate to Snortcenter2? Joel Esler (Sep 23)
- Re: Alternate to Snortcenter2? Jason Alexander (Sep 28)