[Snort-users] Snort error: Unterminated IP List and clamav problems (SOLVED)

carlopmart carlopmart at ...11827...
Fri Sep 21 18:30:37 EDT 2007


Phil Wood wrote:
> Excuse me for butting in.  Are the following:
> 
>   HOME_NET
>   EXTERNAL_NET
>   HTTP_SERVERS
> 
> set to valid values such as "any", or [10.1.1.0/24,192.168.1.0/24]?
> The error does say "Unterminated IP List"
> 
> On Fri, 2007-09-21 at 22:14 +0200, carlopmart wrote:
>> Sorry rmkml, but it isn't possible. If I change bleeding-dshield.rules 
>> for bleeding-web.rules, error is the same:
>>
>> FATAL ERROR: /etc/snort_ids-lan/bleeding-web.rules(38) => Unterminated 
>> IP List
>>
>> And this error, repeats every rule that I put ... from snort.org, from 
>> bledingedge site ...
>>
>> rmkml wrote:
>>> Hi,
>>> Your error are on line 32 on your bleeding-dshield.rules,
>>> what is on line 32 please ?
>>> test on comments only this line 32.
>>> Regards
>>> Rmkml
>>>
>>>
>>> On Fri, 21 Sep 2007, carlopmart wrote:
>>>
>>>> Date: Fri, 21 Sep 2007 22:04:08 +0200
>>>> From: carlopmart <carlopmart at ...11827...>
>>>> To: snort-users at lists.sourceforge.net
>>>> Subject: [Snort-users] Snort error: Unterminated IP List and clamav 
>>>> problems
>>>>
>>>> Hi all,
>>>>
>>>>  I have installed an ids sensor with snort 2.6.1.5. When I try to
>>>> startup returns me this error:
>>>>
>>>> snort[16936]: FATAL ERROR: /etc/snort_ids-lan/bleeding-dshield.rules(32)
>>>> => Unterminated IP List
>>>>
>>>>  If I disbled all rules, this error doesn't appears .. but i need to
>>>> disable all rules ....
>>>>
>>>> What does it means??
>>>>
>>>> I have compiled snort with this options:
>>>>
>>>> --enable-stream4udp --enable-dynamicplugin --prefix=/usr/local
>>>> --with-mysql --enable-clamav --with-dnet-includes=/usr/local/include
>>>> --with-dnet-libraries=/usr/local/lib
>>>>
>>>>  And another error displayed is referred to clamav:
>>>>
>>>>  LibClamAV Error: Cannot create file
>>>> /tmp/clamav-8dd09f7dffc45dd0a8d680e06f3ee34c/COPYING.
>>>> LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
>>>> LibClamAV Error: Can't load /var/lib/clamav/main.cvd: CVD extraction 
>>>> failure
>>>>
>>>>  I have searching via google, and all posts that I find talks about
>>>> space problems on /tmp directory, but my /tmp directory is 5% of 512 MB
>>>> occuped. How can I fix this??
>>>>
>>>> Many thanks.
>>>> -- 
>>>> CL Martinez
>>>> carlopmart {at} gmail {d0t} com
>>>>
>>>> -------------------------------------------------------------------------
>>>> This SF.net email is sponsored by: Microsoft
>>>> Defy all challenges. Microsoft(R) Visual Studio 2005.
>>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>
> 
> 

Oops sorry. Problem was on my HOME_NET definition... I have inserted a 
space between two CIDR entries ... Thanks Phil.

Clamav problem it is already solved too .. I have put "alert-drop" 
param, but this is only possible when snort runs as root ...

many thanks to all.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




More information about the Snort-users mailing list