Snort mailing list archives
Re: wrong version of gen-msg.map on labs?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 18 Jul 2014 02:55:11 +0000
Thanks Greg. We'll fix.

--
Joel Esler
Sent from my iPhone
On Jul 17, 2014, at 22:52, "Gregory S Thomas" <greg.thomas () pnnl gov> wrote:

The version of gen-msg.map in the source tarballs is the same in 2.9.6.0, 2.9.6.1, and 2.9.6.2.

The version of gen-msg.map on labs is the same in 2.9.6.0 (http://labs.snort.org/snort/2960/gen-msg.map) and 2.9.6.1 (http://labs.snort.org/snort/2961/gen-msg.map); there is no 2.9.6.2 (http://labs.snort.org/snort/2962/) on labs yet.

The differences between the source and labs versions are as follows:

shell> diff snort-2.9.6.1/etc/gen-msg.map labs2961/gen-msg.map
1c1
< # $Id$
---
# $Id: gen-msg.map,v 1.131 2014/03/14 17:09:18 eborgoyn Exp $
281a282,287
120 || 12 || http_inspect: SWF FILE ZLIB DECOMPRESSION FAILURE
120 || 13 || http_inspect: SWF FILE LZMA DECOMPRESSION FAILURE
120 || 14 || http_inspect: PDF FILE DEFLATE DECOMPRESSION FAILURE
120 || 15 || http_inspect: PDF FILE UNSUPPORTED COMPRESSION TYPES
120 || 16 || http_inspect: PDF FILE CASCADED COMPRESSION
120 || 17 || http_inspect: PDF FILE PARSE FAILURE

However, the source code does not appear to support any of the 6 alerts added in the gen-msg.map on labs; definitions for other alerts from generator ID 120 reside in src/preprocessors/HttpInspect/include/hi_eo_events.h.

Does gen-msg.map on labs need to be replaced with a correct version?

Thanks,
Greg Thomas

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
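Review bot: in the 281a282,287 hunk, the six added generator 120 entries (SIDs 12 through 17) are served on labs for 2.9.6.0 and 2.9.6.1, while the message reports that the source for those releases does not appear to support them and that the other generator 120 definitions live in src/preprocessors/HttpInspect/include/hi_eo_events.h. Suggest publishing each release's own etc/gen-msg.map from its tarball on labs and holding these six entries for the release whose source defines them, so the map and the build agree on what each SID means. The 1c1 hunk is only the $Id$ keyword expansion and needs no action.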
