[Snort-users] Startup error post-package install
Joel Esler (jesler)
jesler at ...589...
Sat Feb 28 00:38:25 EST 2015
On Feb 26, 2015, at 2:34 PM, Y M <snort at ...15979...> wrote:
> ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
> Fatal Error, Quitting..
This error is due to the fact that the $DNS_SERVERS variable is defined as any; however, you have a rule in "community-virus.rules" that looks for IP addresses that are "not" in $DNS_SERVERS by using the deny operator "!"; i.e., the rule is negating any, which is not an IP address. This is not a Snort error per se; you need to define the IP addresses that should go into $DNS_SERVERS, $HOME_NET, etc. so that when the negation takes place, it negates IP addresses and not the keyword any.
community-virus.rules? We’ve not produced that rule file in <checks the logs> Heck, I deleted the file from our build system 23 months ago…
Last rule that was added to it was 8 years and 4 months ago…
We have a totally new community rules file system now, it’s available for download here:
Open Source Manager
Threat Intelligence Team Lead
Talos Security Intelligence and Research Group
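
Added example, not part of the original post and not Snort's own code: a pre-flight check for the "!any is not allowed" startup error discussed in this thread. It resolves `var`/`ipvar` definitions (including `$VAR` indirection) and reports rule headers that negate a variable whose value ends up as `any`. The function names and the sample configuration and rules are constructed for illustration, and it assumes simple one-line `var NAME value` definitions.

```python
import re

# Constructed sample input (not taken from the thread or any real rule set).
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS [10.0.0.25,10.0.0.26]
"""
SAMPLE_RULES = """\
# constructed rules
alert udp !$DNS_SERVERS any -> any 53 (msg:"constructed example 1"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> !$SMTP_SERVERS 25 (msg:"constructed example 2"; sid:1000002;)
alert tcp !$EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed example 3"; sid:1000003;)
"""

VAR_DEF = re.compile(r"^\s*(?:ipvar|var)\s+(\w+)\s+(\S+)")
NEGATED = re.compile(r"!\$(\w+)")

def parse_vars(conf_text):
    """Collect var/ipvar definitions as name -> raw value."""
    matches = map(VAR_DEF.match, conf_text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def resolves_to_any(name, defs):
    """Follow $VAR indirection; True if the chain ends in the keyword 'any'."""
    seen = set()
    while name in defs and name not in seen:  # 'seen' guards against cycles
        seen.add(name)
        value = defs[name]
        if value.lower() == "any":
            return True
        if not value.startswith("$"):
            return False  # literal address or list: safe to negate
        name = value[1:]
    return False

def find_negated_any(rules_text, defs):
    """Return (line_number, variable) for rule headers that negate an 'any' variable."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        header = line.split("(", 1)[0]  # negation only matters in the rule header
        hits.extend((lineno, v) for v in NEGATED.findall(header) if resolves_to_any(v, defs))
    return hits

if __name__ == "__main__":
    for lineno, var in find_negated_any(SAMPLE_RULES, parse_vars(SAMPLE_CONF)):
        print(f"rules line {lineno}: !${var} negates 'any'")
```
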