Snort mailing list archives

Re: SWF/PDF Decompression


From: "Carter Waxman (cwaxman)" <cwaxman () cisco com>
Date: Thu, 17 Dec 2015 14:16:28 +0000

Hi Simon,

Are you installing from source or an rpm? You need to have the LZMA development libraries on your system when building to use these options (usually packaged as lzma-dev or lzma-devel).

Thanks,
Carter

From: Simon Wesseldine <simon.wesseldine () idappcom com>
Date: Thursday, December 17, 2015 at 4:18 AM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net>
Subject: [Snort-devel] SWF/PDF Decompression

Hi,
Has anybody else run into problems with version 2.9.8.0 and PDF/SWF decompression?
I am getting an error when running a configuration file that contains these keywords:

decompress_swf
decompress_pdf

Snort will not load and I get an error pointing to these keywords being included.
If I remove the keywords, then Snort will load fine.

My configuration file was working in the previous version of Snort.
I am using 'extended_response_inspection' as well.

Best regards,
Simon.