Project

General

Profile

Actions

Feature #1283

closed

Feature #549: Extract file attachments from emails

Feature #885: smtp file_data support

support for snort's file_data keyword

Added by john howard over 10 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:

Description

I'm running pfSense 2.1.5-RELEASE (amd64) on (nano) FreeBSD 8.3-RELEASE-p16 with Suricata 2.0.3 pkg v2.0.2 and snortrules-snapshot-2962.tar.gz with snort 'balanced' IPS rules. I'm seeing the following in my logs:

18/9/2014 -- 14:04:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or from_client with http.

I'm processing 2 rule files (IPS balanced and GPL Community Rules) of which 6968 rules successfully loaded, 937 rules failed to load. 90% of those failures were of this file_data error type.

Actions

Also available in: Atom PDF