Snort mailing list archives
Re: SMTP content-type overflow rule question
From: Rich Graves <rcgraves () gmail com>
Date: Fri, 3 Dec 2010 20:13:13 -0600 (CST)
Am I correct in thinking that: {300,}$ means "at least 300 occurrences of the preceding character class, then end-of-line and {300} mean "exactly 300 occurrences of the preceding character class"
No, "{300,}$" means "300 or more matches, and must match up to the very end." "{300}" means "match 300," which really means "at least 300." We never look at the 301st character. The earlier version is more expensive on lines exceeding 300 characters, and could potentially false-negative if \r or \n appear after the 300th. ------------------------------------------------------------------------------ What happens now with your Lotus Notes apps - do you make another costly upgrade, or settle for being marooned without product support? Time to move off Lotus Notes and onto the cloud with Force.com, apps are easier to build, use, and manage than apps on traditional platforms. Sign up for the Lotus Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SMTP content-type overflow rule question Bobby Venal (Dec 03)
- Re: SMTP content-type overflow rule question Joel Esler (Dec 03)
- Re: SMTP content-type overflow rule question Rich Graves (Dec 03)
- Re: SMTP content-type overflow rule question Joel Esler (Dec 03)