Feature #1282
Closed
support for base64_decode from snort's ruleset
Description
I'm running pfSense 2.1.5-RELEASE (amd64) on (nano) FreeBSD 8.3-RELEASE-p16 with Suricata 2.0.3 pkg v2.0.2 and snortrules-snapshot-2962.tar.gz with snort 'balanced' IPS rules. I'm seeing the following in my logs:
18/9/2014 -- 14:04:22 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'base64_decode'.
There seem to be only a few snort rules that cough up this message.
Updated by Peter Manev almost 11 years ago
Updated by Victor Julien almost 11 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to 3.0RC2
Updated by Duane Howard almost 10 years ago
Any updates on this? I'd love to see this in 2.1 final.
Updated by Jason Ish almost 10 years ago
Looks like base64_data would also be required. base64_decode decodes the data, base64_data sets the cursor for pattern matching. Probably doesn't make sense to do one without the other.
Updated by Victor Julien over 9 years ago
- Target version changed from 3.0RC2 to 70
Updated by Victor Julien over 9 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.0RC1
- % Done changed from 0 to 100
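The division of labour between the two keywords described in Jason Ish's comment, as an added example that is not part of the ticket and not Suricata's or Snort's code. It is a simplified Python model: the function names, the sample payload and the rule shape in the docstring are assumptions made for illustration.

```python
import base64
import re
from typing import Optional

# A run of standard base64 characters with optional padding.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

# Constructed sample payload (not from the ticket): HTTP Basic credentials.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")


def base64_decode(payload: bytes, cursor: int = 0, offset: int = 0) -> Optional[bytes]:
    """Model of base64_decode: decode the base64 run at cursor + offset.

    Returns the decoded buffer, or None if nothing decodable is there,
    in which case the rule cannot match.
    """
    m = _B64_RUN.match(payload, cursor + offset)
    if not m:
        return None
    run = m.group(0)
    run = run[: len(run) - len(run) % 4]  # drop a trailing partial group
    try:
        return base64.b64decode(run, validate=True) or None
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def evaluate(payload: bytes, anchor: bytes, needle: bytes) -> bool:
    """Model of: content:<anchor>; base64_decode:relative; base64_data; content:<needle>;"""
    pos = payload.find(anchor)
    if pos < 0:
        return False
    cursor = pos + len(anchor)                # detection cursor after the first match
    decoded = base64_decode(payload, cursor)  # "relative": start at the cursor
    if decoded is None:
        return False
    # base64_data: from here on, content matches inspect the decoded buffer,
    # not the raw payload.
    return needle in decoded


if __name__ == "__main__":
    print(b"user:" in SAMPLE)                                    # raw payload
    print(evaluate(SAMPLE, b"Authorization: Basic ", b"user:"))  # decoded buffer
```

The pattern is absent from the raw payload and only matches once the cursor is moved into the decoded buffer, which is why decoding without `base64_data` would give a rule nothing to match against.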