[Snort-users] Snort start up problem Windows10 Home version 1809!

wkitty42 at windstream.net wkitty42 at windstream.net
Sat Dec 15 17:17:34 EST 2018

On 12/15/18 2:07 PM, CAT Security wrote:

> # HTTP normalization and anomaly detection.  For more information, see 
>     iis_backslash no \
>     iis_delimiter no \
>     iis_unicode no \
>     multi_slash no \
>     utf_8 no \
>     u_encode yes \
> #    webroot no \
> #    decompress_swf { deflate lzma } \
> #    decompress_pdf { deflate }

your problem is here... that trailing backslash is a *nix-ism that means the 
line is continued on the next line...

the solution is to uncomment those three lines and change the decompress_swf one 
so the end of that section looks like this...

     u_encode yes \
     webroot no \
     decompress_swf { deflate } \
     decompress_pdf { deflate }

note there is no trailing "\" on the last line... the main thing here is that 
winwhatever doesn't have the lzma library for some reason so you have to get rid 
of that option or find and build against the lzma library...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*

More information about the Snort-users mailing list