Snort mailing list archives
wrong version of gen-msg.map on labs?
From: Gregory S Thomas <greg.thomas () pnnl gov>
Date: Thu, 17 Jul 2014 19:49:14 -0700
The version of gen-msg.map in the source tarballs is the same in 2.9.6.0, 2.9.6.1, and 2.9.6.2. The version of gen-msg.map on labs is the same in 2.9.6.0 (http://labs.snort.org/snort/2960/gen-msg.map) and 2.9.6.1 (http://labs.snort.org/snort/2961/gen-msg.map); there is no 2.9.6.2 (http://labs.snort.org/snort/2962/) on labs yet.

The differences between the source and labs versions are as follows:

shell> diff snort-2.9.6.1/etc/gen-msg.map labs2961/gen-msg.map
1c1
< # $Id$
---
> # $Id: gen-msg.map,v 1.131 2014/03/14 17:09:18 eborgoyn Exp $
281a282,287
> 120 || 12 || http_inspect: SWF FILE ZLIB DECOMPRESSION FAILURE
> 120 || 13 || http_inspect: SWF FILE LZMA DECOMPRESSION FAILURE
> 120 || 14 || http_inspect: PDF FILE DEFLATE DECOMPRESSION FAILURE
> 120 || 15 || http_inspect: PDF FILE UNSUPPORTED COMPRESSION TYPES
> 120 || 16 || http_inspect: PDF FILE CASCADED COMPRESSION
> 120 || 17 || http_inspect: PDF FILE PARSE FAILURE

However, the source code does not appear to support any of the 6 alerts added in the gen-msg.map on labs; definitions for other alerts from generator ID 120 reside in src/preprocessors/HttpInspect/include/hi_eo_events.h.

Does gen-msg.map on labs need to be replaced with a correct version?

Thanks,
Greg Thomas

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
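
The comparison described in the message above, as an added example that is not part of the original post or of Snort: it parses two gen-msg.map files into (generator ID, alert ID) keys and reports entries that exist in only one of them, so the `$Id$` comment difference is ignored. The function names are hypothetical, and the sample inputs are constructed from the lines quoted in the message plus one placeholder entry.

```python
import re

# Field layout of the gen-msg.map lines quoted in the message: "gid || sid || message"
ENTRY = re.compile(r"^\s*(\d+)\s*\|\|\s*(\d+)\s*\|\|\s*(.*?)\s*$")

def parse_gen_msg_map(text):
    """Return ({(gid, sid): message}, [(lineno, line) that did not parse])."""
    entries, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments such as "# $Id$" carry no alert
        m = ENTRY.match(line)
        if m is None:
            malformed.append((lineno, line))
            continue
        entries[(int(m.group(1)), int(m.group(2)))] = m.group(3)
    return entries, malformed

def compare_maps(source_text, other_text):
    """Compare two maps by (gid, sid) key instead of line by line."""
    src, _ = parse_gen_msg_map(source_text)
    oth, _ = parse_gen_msg_map(other_text)
    return {
        "only_in_other": sorted(k for k in oth if k not in src),
        "only_in_source": sorted(k for k in src if k not in oth),
        "message_differs": sorted(k for k in src if k in oth and src[k] != oth[k]),
    }

# Constructed samples: the 120/1 entry is a placeholder, not a real Snort message;
# the 120/12..17 entries are the lines quoted in the message.
SOURCE_MAP = """# $Id$
120 || 1 || http_inspect: CONSTRUCTED PLACEHOLDER ENTRY
"""
LABS_MAP = """# $Id: gen-msg.map,v 1.131 2014/03/14 17:09:18 eborgoyn Exp $
120 || 1 || http_inspect: CONSTRUCTED PLACEHOLDER ENTRY
120 || 12 || http_inspect: SWF FILE ZLIB DECOMPRESSION FAILURE
120 || 13 || http_inspect: SWF FILE LZMA DECOMPRESSION FAILURE
120 || 14 || http_inspect: PDF FILE DEFLATE DECOMPRESSION FAILURE
120 || 15 || http_inspect: PDF FILE UNSUPPORTED COMPRESSION TYPES
120 || 16 || http_inspect: PDF FILE CASCADED COMPRESSION
120 || 17 || http_inspect: PDF FILE PARSE FAILURE
"""

if __name__ == "__main__":
    labs_entries, _ = parse_gen_msg_map(LABS_MAP)
    for gid, sid in compare_maps(SOURCE_MAP, LABS_MAP)["only_in_other"]:
        print(f"only in labs map: {gid} || {sid} || {labs_entries[(gid, sid)]}")
```
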
Current thread:
- wrong version of gen-msg.map on labs? Gregory S Thomas (Jul 17)
- Re: wrong version of gen-msg.map on labs? Joel Esler (jesler) (Jul 17)
- Re: wrong version of gen-msg.map on labs? Joel Esler (jesler) (Jul 18)
- Re: wrong version of gen-msg.map on labs? Gregory S Thomas (Jul 18)