Re: sdf preprocessor: partial matches/false positives

[Bram <bram-fabeg () mail wizbit be>]

A minor follow up on this:

This was also reported (by others) to 'snort-sigs' mailing lists: (I'm  
not subscribed to this lists so I haven't replied on it)

Some that I noticed:

* 2013-08-01: [Snort-sigs] sensitive-data email alerts:
* 2013-07-25: [Snort-sigs] question :: interest in testing SENF  
preprocessor for Snort?


Best regards,

Bram

Quoting Hui Cao <hcao () sourcefire com>:

> Hi Bram,
>
> Thanks for reporting this issue. We will look into it.
>
> Best,
> Hui.
>
> On Fri, Jul 19, 2013 at 5:21 PM, Bram <bram-fabeg () mail wizbit be> wrote:
> > Hi,
> >
> >
> > There appears to be an issue with the sdf preprocossor: when the regex
> > partially matches at the end of a data packet then the match count is
> > increased.
> > This then results in false positives.
> ..



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!