Snort mailing list archives

Previous By Date Next
Previous By Thread Next

pcre/regex help

From: John Hally <JHally () EBSCO COM>
Date: Fri, 29 Sep 2017 12:04:55 +0000
Hi All,

I’m trying to write a rule to capture email addresses being submitted to a web application and I cant seem to get the 
regex to work.

alert tcp $EXTERNAL_NET any -> any 80 (msg:"Target Email Detected"; pcre:"/.+\@.+\..+"; fast_pattern:only; nocase; 
classtype: Target Email Detected ;sid:1000023 ;)

I get the following error when running snort –T:

ERROR: /etc/snort/rules/local.rules Line 30 => unable to parse pcre regex ".+\@.+\..+"

Any help would be greatly appreciated!


Thanks

John.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: