Snort mailing list archives
Re: SWF/PDF Decompression
From: "Carter Waxman (cwaxman)" <cwaxman () cisco com>
Date: Thu, 17 Dec 2015 14:16:28 +0000
Hi Simon, Are you installing from source or an rpm? You need to have the LZMA development libraries on your system when building to use these options (usually packaged as lzma-dev or lzma-devel). Thanks, Carter From: Simon Wesseldine <simon.wesseldine () idappcom com<mailto:simon.wesseldine () idappcom com>> Date: Thursday, December 17, 2015 at 4:18 AM To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] SWF/PDF Decompression Hi, has anybody else run into problems with version 2.9.8.0 and PDF/SWF Decompression. I am getting an error when running a configuration file that contains these keywords: decompress_swf decompress_pdf Snort will not load and I get an error pointing to these keywords being included. If I remove the keywords, then Snort will load fine. My configuration file was working in the previous version of Snort. I am using 'extended_response_inspection' as well. Best regards, Simon.
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- SWF/PDF Decompression Simon Wesseldine (Dec 17)
- Re: SWF/PDF Decompression Carter Waxman (cwaxman) (Dec 17)
- <Possible follow-ups>
- Re: SWF/PDF Decompression Simon Wesseldine (Dec 18)