Snort mailing list archives

Snort.org Blog: Snort 2.9.1 beta coming soon!


From: Joel Esler <jesler () sourcefire com>
Date: Sat, 11 Jun 2011 12:35:28 -0400


http://blog.snort.org/2011/06/snort-291-beta-coming-soon.html

Snort 2.9.1 beta coming soon!

Hope you all are enjoying the weekend.  We wanted to put out a heads-up for those of you that follow Snort's 
development closely of our 2.9.1-beta that should be coming very soon.  I'm going to post a copy of the release notes 
here.  We'll be doing a breakdown of some of the newest features of Snort 2.9.1 upon its release along with a webcast.
This release fixes a ton of bugs that the community has been asking about recently.

We'll post again when the beta release is out, with download links, and an email address about where to provide us 
feedback.

So without further ado, here are the release notes for the 2.9.1 beta:


[*] New Additions
* HTTP aware TCP reassembly support within HTTP Inspect and Stream5, allowing Snort to more intelligently inspect HTTP 
requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).

* SIP preprocessor to identify SIP call channels and provide rule access via new rule option keywords. See the Snort 
Manual and README.sip for details.

* POP3 & IMAP preprocessors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates 
to SMTP preprocessor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort
Manual, README.pop, README.imap, and README.SMTP for details.

* Add support for reading large pcap files.

[*] Improvements
* Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients when Snort generates events 
on related traffic.

* Updates to give shared library rules direct access to gzip decoding capabilities.

* Rule Option Improvements:

- Updates to content modifier http_cookie to not include the HTTP header names themselves in the buffer. This change 
may affect existing rules that leverage this keyword.

- Updates to the file_data and base64_data rule option keywords and added a pkt_data rule option keyword that sets the 
buffer to be used for subsequent content/pcre/etc rule options.

- Updates to the tcp flag rule option keyword to support 'C' and 'E' for CWR and ECN bits.

- Updates to byte_extract rule option keyword to support the same string formats as with byte_test and byte_jump.

* Updates to Snort's build infrastructure and autoconf script for portability and improved checks for library 
dependencies.

* Many updates and improvements to the Snort documentation. Special thanks to all of the contributors from the Snort 
community for working with us and making the documentation more accurate and usable.

* Updates to the sensitive data preprocessor for handling HTTP traffic and reducing false positives.

* Updates to Snort's config parsing to give more meaningful error messages relating to snort.conf errors and 
configuration display at startup.

* Updates to Snort's active response packets whether via response keyword or part of inline normalization.

* Improvements to HTTP Inspect processing of chunked HTTP data.

* Updates to the statistics Snort prints to console or syslog at exit for different preprocessors.

* To facilitate easier building of Snort on many of the different platforms supported, Snort now uses pkg-config to 
check for certain library locations. Obtain pkg-config from freedesktop.org.
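
The http_cookie change listed under Rule Option Improvements can be checked against an existing rule set before upgrading. The following is an added example, not part of the original post or of Snort itself: a heuristic scan that flags `content` options modified by `http_cookie` whose pattern contains a `Cookie:` or `Set-Cookie:` header name. The sample rules, SIDs, and function names are constructed for illustration.

```python
import re

# Constructed sample rules for this example, not taken from any published rule set.
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"name in cookie buffer"; content:"Cookie|3A| "; nocase; http_cookie; content:"sessid="; http_cookie; sid:1000001;)
alert tcp any 80 -> any any (msg:"set-cookie; escaped \"quote\""; content:"Set-Cookie|3a 20|admin=1"; http_cookie; sid:1000002;)
alert tcp any any -> any 80 (msg:"value only"; content:"sessid=deadbeef"; http_cookie; sid:1000003;)
alert tcp any any -> any 80 (msg:"header buffer"; content:"Cookie|3A|"; http_header; sid:1000004;)
'''

# One rule option: name, optional ":value" (quoted strings may hold ';'), then ';'.
OPTION_RE = re.compile(r'\s*([a-z_0-9]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;', re.I)
# Heuristic for a header name inside a pattern (assumption of this example).
HEADER_NAME = re.compile(rb'(?:set-)?cookie\s*:', re.I)

def decode_content(value):
    """Turn a content argument such as "Cookie|3A| " into the bytes it matches."""
    text = value[value.index('"') + 1:value.rindex('"')]
    out = bytearray()
    for i, part in enumerate(text.split('|')):
        if i % 2:   # odd pieces sit between pipes: hex bytes
            out += bytes.fromhex(part)
        else:       # literal text with \; \" \\ escapes
            out += re.sub(r'\\(.)', r'\1', part).encode('latin-1')
    return bytes(out)

def affected_contents(rule):
    """Return http_cookie content patterns in one rule that include a header name."""
    start, end = rule.find('('), rule.rfind(')')
    hits, last = [], None
    for m in OPTION_RE.finditer(rule[start + 1:end] if 0 <= start < end else ''):
        name, value = m.group(1).lower(), m.group(2)
        if name == 'content' and value and '"' in value:
            last = decode_content(value)
        elif name == 'http_cookie' and last is not None:
            # http_cookie modifies the content option that precedes it
            if HEADER_NAME.search(last):
                hits.append(last.decode('latin-1'))
            last = None
    return hits

def scan(rules_text):
    """Map sid -> flagged patterns for every non-comment rule line."""
    report = {}
    for line in (l.strip() for l in rules_text.splitlines()):
        hits = affected_contents(line) if line and not line.startswith('#') else []
        if hits:
            sid = re.search(r'\bsid\s*:\s*(\d+)', line)
            report[int(sid.group(1)) if sid else -1] = hits
    return report

if __name__ == '__main__':
    for sid, patterns in scan(SAMPLE_RULES).items():
        print(sid, patterns)
```

Flagged rules are candidates for review, not confirmed breakage; each should be tested against 2.9.1 with representative traffic.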
