search

Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

msg field containing backslash not properly entered into sid-msg.map #30

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
ET ruleset SID 2007929 msg field has a backslash in it.  when pulledpork makes 
the sid-msg.map it does not include any text following the backslash.

Tested on the newest svn version on pulledpork (r154).

Original issue reported on code.google.com by whoownsy...@gmail.com on 11 Oct 2010 at 9:34

GoogleCodeExporter commented 9 years ago 
That sid is being updated to remove the : and ; values, these values should not 
be used in a sid msg: field.  I have spoken with ET and they are scrubbing 
their rules as per this requirement

Original comment by Cummin...@gmail.com on 11 Oct 2010 at 10:14

GoogleCodeExporter commented 9 years ago 
I'll verify that it is the ; and : breaking this, rather than the \ before 
closing

Original comment by Cummin...@gmail.com on 11 Oct 2010 at 10:16

GoogleCodeExporter commented 9 years ago 
Confirmed, this is an issue with the : and ; characters, not the backslash.. ET 
will be scrubbing those characters and updating their tarball within the 
hour... all currently affected SIDS are listed:

sid:2002108
sid:2002115
sid:2002116
sid:2003394
sid:2003626
sid:2007615
sid:2007647
sid:2007929
sid:2008043
sid:2008512
sid:2008974
sid:2010872
sid:2007929
sid:2008038
sid:2008625
sid:2009810

Original comment by Cummin...@gmail.com on 11 Oct 2010 at 10:45