[Snort-users] Alternate to Snortcenter2?

Jason Alexander lists at ...9901...
Wed Sep 28 20:17:22 EDT 2005


I'm looking into this now.  It looks like I've found a couple of other 
issues like for some reason rule_combine script that I provide to pull 
all the rulesets together appears to be doing something to the community 
rules becasue I'm getting a major parse error on rule 100000135.

It give me this

Unknown Rule option: 43 (msg:"COMMUNITY IMAP GNU Mailutils request tag 
format string vulnerability"; flow:to_server,established; 
content:"|25|"; pcre:"/^\S*\x25\S*\s/sm"; reference:cve,CAN-2005-1523; 
reference:bugtraq,13764; classtype:attempted-admin; sid:100000135; rev:1;
-> 43 (msg


Wes if you have time can you try to load the 2.4 rule set and see if you 
get the same problem.

Jason


East, Bill wrote:
> Using 
> vrt_pr/snortrules-pr-2.4.tar.gz
> 
> The error was "Unknown Rule option", from parser.php
> 
> SID is 3441





More information about the Snort-users mailing list