[Snort-users] To escape or not to escape the colon
julian.wiegmann at ...15603...
Fri Jul 26 07:02:13 EDT 2013
As per manual:
; \ " aka the semi-colon has to be escaped when content matching. (by what? The manual should say that it is a backslash)
content: "string\; string2";
However, I have seen some rules where the colon is also escaped:
content: "string\: string2";
but in the same rule I seen a colon that is not escaped also:
Should we or should we not escape a colon?
Or should I just bite the bullet and use hex?
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
More information about the Snort-users