Bug #1329: Invalid rule being processed and loaded. - Suricata - Open Information Security Foundation

Actions

Copy link

#1

Updated by Victor Julien almost 10 years ago

Target version set to 2.0.5

Actions

Copy link

#2

Updated by Duane Howard almost 10 years ago

Sorry for the delay again on testing, been swamped. Looks like it's working to me... =)

[3452] 9/12/2014 -- 15:45:00 - (detect-parse.c:611) <Error> (SigParseProto) -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "this_isnt_a_protocol" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.this_isnt_a_protocol.detection-enabled

[3452] 9/12/2014 -- 15:45:00 - (detect.c:357) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert this_isnt_a_protocol $HOME_NET any -> $EXTERNAL_NET !6666:7000 (msg:"ET TROJAN IRC Channel JOIN on non-standard port"; flow:to_server,established; dsize:<64; content:"JOIN "; nocase; depth:5; pcre:"/&|#|\+|!/R"; reference:url,doc.emergingthreats.net/bin/view/Main/2000348; classtype:trojan-activity; sid:2000348; rev:12;)" from file /etc/suricata/rules/empty.rules at line 5

Actions

Copy link

#3

Updated by Victor Julien almost 10 years ago

Status changed from New to Closed
Assignee set to Victor Julien
% Done changed from 0 to 100

https://github.com/inliniac/suricata/pull/1240

Project

General

Profile

Suricata

Custom queries

Bug #1329

Invalid rule being processed and loaded.

Updated by Victor Julien almost 10 years ago

Updated by Duane Howard almost 10 years ago

Updated by Victor Julien almost 10 years ago