Project

General

Profile

Actions
Copy link

Bug #2004

closed

Invalid file hash computation when force-hash is used

Added by Eric Leblond almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Eric Leblond
Target version:
3.2.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

The hash computed is not correct in Suricata 3.2 when the 'force-hash' keyword is used. This results in false negative (and possibly false positive) when file[hash] keyword is used in a signature.

Actions
Copy link
 #1

Updated by Eric Leblond almost 8 years ago

In fact, the hash is not correct for sha256 if we are using force-hash: [md5, sha256] or force-hash: [md5, sha256]. In both cases, md5 hash is correct.

If using force-hash: [sha256] then the sha256 is correct.

Actions
Copy link
 #2

Updated by Eric Leblond almost 8 years ago

  • % Done changed from 50 to 90
Actions
Copy link
 #3

Updated by Eric Leblond almost 8 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF