Re: still fighting with so_rules

[Nigel Houghton <nhoughton () sourcefire com>]

On Sat, Jul 11, 2009 at 3:00 AM, Russell Fulton<r.fulton () auckland ac nz> wrote:
> I see to my dismay that the only precompiled rules for rhe are for 64
> bit 5.0.   Our standard corporate image is 5.3 (32 bit ?).  Having
> finally got one of my sensors upgraded (from reh 3) I get this error:

64 bit 5.0 what?

I'm going to use my extreme guessing powers and surmise that you are
using Red Hat x86_64 so rules from the precompiled directory. Did you
try the so rules from the Fedora i386 directory?

> FATAL ERROR: Failed to load /home/snort/Rules/so_rules/bad-
> traffic.so: /home/snort/Rules/so_rules/bad-traffic.so: wrong ELF
> class: ELFCLASS64

That's what happens when you try to use 64bit files on a 32bit system.

> Google indicates that this is indeed caused by incompatibilities
> between 32 and 64bit binaries.

Google is always right.

> I'm getting rather peeved that sourcefire accepted my $1200 and has so
> far failed to deliver anything that I can use in the way of compiled
> rules.

Did you make a request for something in particular?

> I won't be renewing VRT subscription.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users