[Snort-devel] Possible error in snort-2.4 rule set

Erik de Castro Lopo erikd+snort at ...2292...
Wed Aug 3 15:14:08 EDT 2005


On Wed, 3 Aug 2005 08:44:32 -0400
Joel Esler <eslerj at ...2499...> wrote:

> On 8/2/05, Erik de Castro Lopo <erikd+snort at ...2292...> wrote:
> > 
> > HI all,
> > 
> > I found this PCRE expression in Snort rule with sid 3545:
> > 
> > pcre:"fn=Eye\d{4}_\d{2}.log/Rmsi";
> > 
> > Is that a valid PCRE? Where is the '/' at the start?
>
> Whoops...

Yep, it would be kinda nice if the rule parser caught that as
an error.

Erik
-- 
-------------------------------------------------------
[N] Erik de Castro Lopo, Senior Computer Engineer
[E] erik.de.castro.lopo at ...2292...
[W] http://www.sensorynetworks.com
[T] +61 2 83022726
[F] +61 2 94750316
[A] L6/140 William St, East Sydney NSW 2011, Australia
-------------------------------------------------------
"Premature optimization is the root of all evil" - C.A.R.Hoare
"If it doesn't work, don't optimize." - Christian Bau




More information about the Snort-devel mailing list