Snort mailing list archives

Re: Startup error post-package install


From: Research <research () nativemethods com>
Date: Sat, 28 Feb 2015 16:11:20 -0500


On Feb 28, 2015, at 12:38 AM, Joel Esler (jesler) <jesler () cisco com> wrote:


On Feb 26, 2015, at 2:34 PM, Y M <snort () outlook com> wrote:



ERROR: /etc/snort/rules/community-virus.rules(19) !any is not allowed: !$DNS_SERVERS.
Fatal Error, Quitting..

This error is due to the fact that the $DNS_SERVERS variable is defined as any; however, you have a rule in 
"community-virus.rules" that looks for IP addresses that are "not" in $DNS_SERVERS by using the deny operator "!"; 
i.e., the rule is negating any, which is not an IP address. This is not a Snort error per se; you need to define 
the IP addresses that should go into $DNS_SERVERS, $HOME_NET, etc. so that when the negation takes place, it negates 
IP addresses and not the keyword any.


community-virus.rules?  We’ve not produced that rule file in <checks the logs>  Heck, I deleted the file from our 
build system 23 months ago…

Last rule that was added to it was 8 years and 4 months ago…

We have a totally new community rules file system now, it’s available for download here:

https://www.snort.org/downloads

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Security Intelligence and Research Group

Hi Joel,

Yes, I believe that was because I was using an old package for my Linux distro.  Upon the advice from the forum and 
downloading the latest release and building from source, that problem went away and I assume that the erroneous, old 
line in the snort.conf has been removed.

I have also signed up for an Oinkcode and am pulling the latest rules down.

Thanks for following up.
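
Added example, not part of the original thread and not Snort's own code: a small pre-flight check for the condition described above, where a rule header negates a variable that resolves to `any`. The sample configuration and rule are constructed, and the function names are hypothetical.

```python
import re

# "var NAME value" / "ipvar NAME value" definitions in snort.conf (comments never match).
VAR_DEF = re.compile(r'^[ \t]*(?:ip)?var[ \t]+(\w+)[ \t]+(\S+)', re.M)
# A negated variable reference in a rule header, e.g. "!$DNS_SERVERS".
NEGATED = re.compile(r'!\$(\w+)')

# Constructed sample input (not taken from the thread's files).
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar DNS_SERVERS $HOME_NET
"""
SAMPLE_RULES = """\
# constructed rule for illustration
alert udp $HOME_NET any -> !$DNS_SERVERS 53 (msg:"constructed example"; sid:1000001;)
"""

def resolve(name, variables):
    """Follow $VAR references until a literal value; stop on unknown names or cycles."""
    seen = {name}
    value = variables.get(name)
    while value and value.startswith('$') and value[1:] not in seen:
        seen.add(value[1:])
        value = variables.get(value[1:])
    return value

def find_negated_any(conf_text, rules_text, rules_name="rules"):
    """Return (file, line, variable) for each rule header negating a variable that is 'any'."""
    variables = dict(VAR_DEF.findall(conf_text))
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue
        header = stripped.split('(', 1)[0]  # options after "(" are not address fields
        for name in NEGATED.findall(header):
            if resolve(name, variables) == 'any':
                findings.append((rules_name, lineno, name))
    return findings

if __name__ == "__main__":
    for path, lineno, name in find_negated_any(SAMPLE_CONF, SAMPLE_RULES, "sample.rules"):
        print(f"{path}({lineno}): !${name} resolves to !any; define ${name} explicitly")
```

Running a check like this before restarting the sensor surfaces the offending rule line without waiting for the fatal startup error.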