Signature Description Oddness
From: "Starner, Mark" <mark.starner () unisys com>
Date: Thu, 6 Feb 2014 09:42:51 -0600
When I upgraded some of my sensors to 184.108.40.206, I saw some weird stuff in my
Base Signature Table
I have two different sig_name's for the same signatures (in about 6 cases). I'll
detail one instance.
Gid: 142, sid: 6
One Description is: pop: 7bit/8bit/binary/text Extraction failed
The other Description is: pop: Non-Encoded MIME attachment Extraction failed
So I looked at the gen-msg.map on the various systems/versions.
220.127.116.11 shipped with: 142 || 6 || pop: Non-Encoded MIME attachment
18.104.22.168 shipped with: 142 || 6 || pop: Non-Encoded MIME attachment
That's fine, no change between versions.
But when I look in the rules tarballs, the following are in those
22.214.171.124 tarball: 142 || 6 || pop: 7bit/8bit/binary/text Extraction failed
126.96.36.199 tarball: 142 || 6 || pop: 7bit/8bit/binary/text Extraction failed
So the tarball is shipping with different descriptions for some of the
So which description is correct? I would have thought if the description
pop: Non-Encoded MIME attachment Extraction failed
in 188.8.131.52, and then it changed to:
pop: 7bit/8bit/binary/text Extraction failed
and was therefore changed in the tarball, then shouldn't 184.108.40.206's release
have reflected this change?
Or are the files in the tarball never pulled forward to a new release?
Just want to make sure I know which description is the right one. I am
guessing the one in the tarball, just need confirmation.
Mark Starner | Global Infrastructure - Systems | Unisys IT
Unisys | 443-921-0355
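
Added example, not part of the original message and not Snort project code: one way to find every gid/sid pair whose description differs between two gen-msg.map files, such as the copy shipped with a release and the copy in a rules tarball. The function names, the source labels and the sample map text are assumptions constructed for illustration, modelled on the entries quoted above.

```python
"""Compare gen-msg.map files and report gid/sid pairs whose description differs."""
from collections import defaultdict


def parse_gen_msg_map(text):
    """Parse 'gid || sid || message' lines into {(gid, sid): message}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = [p.strip() for p in line.split("||", 2)]
        if len(parts) != 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            continue  # skip malformed lines rather than guessing
        entries[(int(parts[0]), int(parts[1]))] = parts[2]
    return entries


def find_conflicts(sources):
    """sources: {label: map text}. Return {(gid, sid): {message: [labels]}}
    for every pair that carries more than one distinct description."""
    seen = defaultdict(lambda: defaultdict(list))
    for label, text in sources.items():
        for key, msg in parse_gen_msg_map(text).items():
            seen[key][msg].append(label)
    return {k: dict(v) for k, v in seen.items() if len(v) > 1}


# Constructed sample input (hypothetical file contents, not real map files).
RELEASE_MAP = """\
# generatorid || alertid || MSG
142 || 5 || constructed entry, identical in both files
142 || 6 || pop: Non-Encoded MIME attachment Extraction failed
"""
TARBALL_MAP = """\
142 || 5 || constructed entry, identical in both files
142 || 6 || pop: 7bit/8bit/binary/text Extraction failed
"""

if __name__ == "__main__":
    conflicts = find_conflicts({"release": RELEASE_MAP, "rules-tarball": TARBALL_MAP})
    for (gid, sid), variants in sorted(conflicts.items()):
        print(f"gid {gid} sid {sid}:")
        for msg, labels in variants.items():
            print(f"  {', '.join(labels)}: {msg}")
```

Running the same comparison on the map files actually installed on each sensor shows which sensors will write which sig_name for a given gid/sid pair.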
Snort-users mailing list
Snort-users () lists sourceforge net