Suricata

Commented added to issue 1889 by Francis Trudeau:

This rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET semicolon test"; flow:established,to_server; content:"Microsoft Office|20|"; http_header; depth:17 classtype:trojan-activity; sid:3031; rev:1;

Does not error on missing semicolon in 3.1.3 or latest git (bbb93e4):

testids/suricata-3.1.3/src/suricata c /etc/suricata/suricata.2.custom.yaml -r test.pcap
23/11/2016 - 16:24:33 - <Notice> - This is Suricata version 3.1.3 RELEASE
23/11/2016 -- 16:24:33 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - Please use 'tls-store' in YAML to configure TLS storage
23/11/2016 -- 16:24:33 - <Notice> - all 1 packet processing threads, 4 management threads initialized, engine >started.
23/11/2016 -- 16:24:33 - <Notice> - Signal Received. Stopping engine.
23/11/2016 -- 16:24:33 - <Notice> - Pcap-file module read 379 packets, 316082 bytes

testids/suricata-git//src/suricata c /etc/suricata/suricata.3.2.custom.yaml -r test.pcap
[13247] 23/11/2016 - 16:27:34 - (suricata.c:1007) <Notice> (SCPrintVersion) -- This is Suricata version 3.2dev (rev bbb93e4)
[13261] 23/11/2016 -- 16:27:34 - (log-pcap.c:680) <Notice> (PcapLogInitRingBuffer) -- Ring buffer initialized with 3 files.
[13247] 23/11/2016 -- 16:27:34 - (tm-threads.c:2098) <Notice> (TmThreadWaitOnThreadInit) -- all 1 packet processing threads, 4 management threads initialized, engine started.
[13247] 23/11/2016 -- 16:27:34 - (suricata.c:2630) <Notice> (main) -- Signal Received. Stopping engine.
[13261] 23/11/2016 -- 16:27:34 - (source-pcap-file.c:388) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 379 packets, 316082 bytes