Open Information Security Foundation
https://redmine.openinfosecfoundation.org/

Suricata - Bug #3190: file_data inspection inhibited by additional (non-file_data) content match rule

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13695
2019-09-23T13:25:22Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/2395">Bug #2395</a>: File_data inspection depth while inspecting base64 decoded data</i> added</li></ul>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13696
2019-09-23T13:25:52Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Affected Versions</strong> deleted (<del><i>4.0beta1</i></del>)</li></ul><p>It would be good to have a suricata-verify test for this case as well.</p>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13697
2019-09-23T13:28:27Z, Gabriel Somlo
<p>Turns out, my redmine account also doesn't have the power to fix the "affected version" field which should be '5.0rc', i.e., "the latest, greatest, and shiniest currently available". Apologies for that mistake!</p>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13699
2019-09-23T13:50:41Z, Gabriel Somlo
<p>@Victor: hope this does it: <a class="external" href="https://github.com/OISF/suricata-verify/pull/130">https://github.com/OISF/suricata-verify/pull/130</a></p>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13705
2019-09-23T20:20:32Z, Andreas Herz (oisf@herzandreas.de)
<ul><li><strong>Assignee</strong> set to <i>Gabriel Somlo</i></li><li><strong>Target version</strong> set to <i>5.0.0</i></li><li><strong>Affected Versions</strong> <i>5.0beta1</i> added</li></ul>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13706
2019-09-23T20:20:38Z, Andreas Herz (oisf@herzandreas.de)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li></ul>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13927
2019-09-26T12:54:22Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/2522">Bug #2522</a>: The cross-effects of rules on each other, without the use of flowbits.</i> added</li></ul>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13928
2019-09-26T12:55:17Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Assignee</strong> changed from <i>Gabriel Somlo</i> to <i>Victor Julien</i></li></ul><p>I've done a bit of investigating and it seems this is the same issue as <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: The cross-effects of rules on each other, without the use of flowbits. (Closed)" href="https://redmine.openinfosecfoundation.org/issues/2522">#2522</a>, but then for SMTP. This makes sense, as the fix was only implemented for HTTP.</p>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=13929
2019-09-26T12:55:36Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Affected Versions</strong> <i>5.0rc1</i> added</li><li><strong>Affected Versions</strong> deleted (<del><i>5.0beta1</i></del>)</li></ul>

https://redmine.openinfosecfoundation.org/issues/3190?journal_id=14217
2019-10-12T11:22:34Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p>Fixed in <a class="external" href="https://github.com/OISF/suricata/pull/4295">https://github.com/OISF/suricata/pull/4295</a></p>