Snort with Clamav on HP-UX

["Senthil Prabu.S" <prabu333 () hotpop com>]

Hi William,
   I tried snort with clamav antivirus on HP-UX 11.11 machine.
Snort version is 2.2.0.

I applied the patch and was able to recompile snort and build it.i faced no problem during building.

But when I start snort,
It dumps core.

Following are some of the details about the core file;
# what core
core:
         $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.91.2.3 2003/11/21 10:20:46 guy Exp $ (LBL)
        $Libpcap A.04.00-0.8.3 $
         $Header: /tcpdump/master/libpcap/pcap.c,v 1.63.2.9 2004/03/25 22:40:52 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/inet.c,v 1.58.2.1 2003/11/15 23:26:41 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/gencode.c,v 1.193.2.8 2004/03/29 20:53:47 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/savefile.c,v 1.92.2.11 2004/03/11 23:46:14 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/fad-gifc.c,v 1.4.2.1 2003/11/15 23:26:39 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/optimize.c,v 1.76.2.3 2003/12/22 00:26:36 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.68.2.3 2003/11/19 18:13:48 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.43.2.1 2003/11/15 23:26:49 guy Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/scanner.l,v 1.95.2.3 2004/03/28 21:45:33 fenner Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/grammar.y,v 1.79.2.3 2004/03/28 21:45:32 fenner Exp $ (LBL)
         $Header: /tcpdump/master/libpcap/etherent.c,v 1.21.6.1 2003/11/15 23:26:38 guy Exp $ (LBL)
         $ PATCH_11.11/PHCO_25568  Dec 19 2001 06:21:26 $
        Pthread Interfaces
         $Revision: libpthread.1:    @(#) depot-32pa CUP11.11_BL2002_0405_3 PATCH_11.11 PHCO_26466 Fri Apr  5 12:25:38 
PST 2002 $
        $ClamAV A.04.00-0.75.1 $
        HP-UX libm shared PA1.1 C Math Library 20000331 (201031)   UX11.01
        $MySQL A.04.00-4.0.21 $
        $MySQL A.04.00-4.0.21 $
         $Revision: libxti.2:    STREAMS: PATCH_11.11 (PHNE_27703) Fri Sep 27 13:18:08 PDT 2002 $
        HP Kerberos V5 1.0 (PHSS_29486) Module: libkrb5.sl Date: Dec  5 2003 17:46:54
        HP Kerberos V5 1.0 Module: libk5crypto.sl Date: Sep 11 2000 17:25:09
        HP Kerberos V5 1.0 Module: libcom_err.sl Date: Sep 11 2000 17:12:15
        $PostgreSQL A.04.00-7.4.5 $
         $ PATCH_11.11/PHCO_29029  Jun 27 2003 12:45:28 $
         SMART_BIND
        92453-07 dld dld dld.sl B.11.25 010129
# file core
core:           core file from 'snort' - received SIGSEGV
# gdb snort core
HP gdb 4.5 for PA-RISC 1.1 or 2.0 (narrow), HP-UX 11.00
and target hppa1.1-hp-hpux11.00.
Copyright 1986 - 2001 Free Software Foundation, Inc.
Hewlett-Packard Wildebeest 4.5 (based on GDB) is covered by the
GNU General Public License. Type "show copying" to see the conditions to
change it and/or distribute copies. Type "show warranty" for warranty/support.
..
Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
#0  cli_maketrans (root=0x0) at matcher.c:131
131         root->fail = NULL;
(gdb) bt
#0  cli_maketrans (root=0x0) at matcher.c:131
#1  0x690a0 in ClamAVInit+0xa0 ()
#2  0x19bdc in ParsePreprocessor+0xfc ()
#3  0x18864 in ParseRule+0x2d4 ()
#4  0x17ec4 in ParseRulesFile+0x48c ()
#5  0x22ddc in SnortMain+0x79c ()
#6  0x225bc in main+0x2c ()
(gdb) q


Can you help me to debug this.
Any sort of help will be very useful.


Regards,
Senthil Prabu.S

If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.
_________________________________________________________________