Snort mailing list archives
Re: Snort 2.9.3 Beta Now Available
From: Joshua Kinard <kumba () gentoo org>
Date: Fri, 18 May 2012 14:58:14 -0400
On 05/18/2012 9:55 AM, Snort Releases wrote:
> Snort 2.9.3 Beta is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Development Release section.
> [*] New additions
> * Updates to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.
This will be interesting to play with. I take it this was designed to combine multiple uses of the keyword when checking the state of several flowbits?
> * Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.
I take it this also fixes the handling of ignore_data with respect to the fast-pattern matcher?
> * Fix logging of multiple unified2 alerts with reassembled packets.
Looking at the changed code, I think this will also fix the same issue when logging with tcpdump output. I hacked right around that for loop in snort_stream5_tcp.c and was able to fully log all packets associated with a stream when using file_data with SMTP. I suspect this might also fix the use case with flow:only_stream and flow:only_frag. I'll have to test, though.

Thanks!

--
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between."
--Emperor Turhan, Centauri Republic