[Snort-devel] SWF/PDF Decompression

Carter Waxman (cwaxman) cwaxman at ...3461...
Thu Dec 17 09:16:28 EST 2015


Hi Simon,

Are you installing from source or an rpm? You need to have the LZMA development libraries on your system when building to use these options (usually packaged as lzma-dev or lzma-devel).

Thanks,
Carter

From: Simon Wesseldine <simon.wesseldine at ...3589...<mailto:simon.wesseldine at ...3589...>>
Date: Thursday, December 17, 2015 at 4:18 AM
To: "snort-devel at lists.sourceforge.net<mailto:snort-devel at ...362....net>" <snort-devel at lists.sourceforge.net<mailto:snort-devel at ...2763...rge.net>>
Subject: [Snort-devel] SWF/PDF Decompression

Hi,
has anybody else run into problems with version 2.9.8.0 and PDF/SWF Decompression.
I am getting an error when running a configuration file that contains these keywords:

decompress_swf
decompress_pdf

Snort will not load and I get an error pointing to these keywords being included.
If I remove the keywords, then Snort will load fine.

My configuration file was working in the previous version of Snort.
I am using 'extended_response_inspection' as well.

Best regards,
Simon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20151217/ca222ee9/attachment.html>


More information about the Snort-devel mailing list