[Snort-devel] Snort 2.9.1 Beta Now Available

Snort Releases snortreleases at ...835...
Mon Jun 13 11:33:33 EDT 2011


Snort 2.9.1 Beta is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Latest Development
Release section.

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

****
NOTE: Snort 2.9.1 requires pkg-config be installed for some
of its autoconf processing.  See details below.
****

Snort 2.9.1 introduces the following new capabilities:

   * HTTP aware TCP reassembly support within HTTP Inspect and
     Stream5, allowing Snort to more intelligently inspect HTTP
     requests and responses.  See README.stream5 subsection
     related to Protocol Aware Flushing (PAF).

   * SIP preprocessor to identify SIP call channels and provide
     rule access via new rule option keywords.  See the Snort
     Manual and README.sip for details.

   * POP3 & IMAP preprocessors to decode email attachments in
     Base64, Quoted Printable, and uuencode formats, and updates
     to SMTP preprocessor for decoding email attachments encoded
     as Quoted Printable and uuencode formats.  See the Snort
     Manual, README.pop, README.imap, and README.SMTP for details.

   * Support for reading large pcap files.

   * Logging of HTTP URL (host and filename), SMTP attachment
     filenames and email recipients to unified2 when Snort generates
     events on related traffic.

Additionally, the following updates and improvements have been made:

   * Updates to give shared library rules direct access to gzip
     decoding capabilities.

   * Rule Option Improvements:

     - Updates to content modifier http_cookie to not include
       the HTTP header names themselves in the buffer.  This change
       may affect existing rules that leverage this keyword.

     - Updates to the file_data and base64_data rule option keywords
       and added a pkt_data rule option keyword that sets the buffer
       to be used for subsequent content/pcre/etc rule options.

     - Updates to the tcp flag rule option keyword to support 'C'
       and 'E' for CWR and ECN bits.

     - Updates to byte_extract rule option keyword to support
       the same string formats as with byte_test and byte_jump.

   * Updates to Snort's build infrastructure and autoconf script
     for portability and improved checks for library dependencies.
     To facilitate easier building of Snort on many of the different
     platforms supported, Snort now uses pkg-config to check for
     certain library locations.  Obtain pkg-config from freedesktop.org.

   * Many updates and improvements to the Snort documentation.  Special
     thanks to all of the contributors from the Snort community for
     working with us and making the documentation more accurate and
     usable.

   * Updates to the sensitive data preprocessor for handling HTTP
     traffic and reducing false positives.

   * Updates to Snort's config parsing to provide more meaningful
     error messages relating to snort.conf errors and configuration
     display at startup.

   * Updates to Snort's active response packets whether via response
     keyword or part of inline normalization.

   * Improvements to HTTP Inspect processing of chunked HTTP data.

   * Updates to the statistics Snort prints to console or syslog
     at exit for different preproessors.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to snort-beta at ...2780...

Happy Snorting!
The Snort Release Team





More information about the Snort-devel mailing list