Actions
Bug #737
closedreference parsing - rules
Affected Versions:
Effort:
Difficulty:
Label:
Description
[9898] 28/1/2013 -- 14:47:39 - (detect-reference.c:128) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string nikto-scans [9898] 28/1/2013 -- 14:47:39 - (detect.c:348) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> any any (msg:"HTTP requests tests - sid 8000001 , pcap - 8000001 "; content:"GET"; http_method; content:"/cgi-bin/cart32.exe"; http_uri; uricontent:"/cgi-bin/cart32.exe"; reference:nikto-scans; sid:8000001; rev:1;)" from file /root/Work/Python/Scripts/test45/8000001.rules at line 1
notice the wrong use of
reference:nikto-scans;
instead of
reference:url, www.webaddress.com;
the output err says:
[ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string nikto-scans
but that is misleading - it is not a pcre expression.
Updated by Victor Julien about 11 years ago
- Assignee set to OISF Dev
- Target version set to 1.4.1
Updated by Anoop Saldanha about 11 years ago
- Assignee changed from OISF Dev to Anoop Saldanha
Updated by Anoop Saldanha about 11 years ago
Updated by Victor Julien about 11 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Merged https://github.com/inliniac/suricata/pull/278, thanks!
Actions