[Snort-sigs] pcre syntax error for sid 1229
bmc at ...95...
Fri Mar 19 09:02:25 EST 2004
On Fri, Mar 19, 2004 at 01:47:47PM +0100, Milani Paolo wrote:
> sid 1229 "FTP CWD ..." (from a 2.1 snapshot which is only a few days
> old) gives a lot of false positives because of an error in the
> regular expression syntax: the special character '.' (match anything
> except $) was not escaped.
Yep, this change has already been pushed out to HEAD. I'm not sure
why the sync to 2_1 didn't include them. I'll check on that shortly.
> As a sidenote: isn't using non-greedy quantifiers very bad in terms
> of performance?
Nope. We want to match as few times as possible while still allowing
the rest of the pattern to match to dump out as quickly as possible.
More information about the Snort-sigs