Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata rule load errors: abuse.ch/URLhaus
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata rule load errors: abuse.ch/URLhaus (Read 3637 times)
dinguz
Sr. Member
Posts: 275
Karma: 13
Suricata rule load errors: abuse.ch/URLhaus
«
on:
October 18, 2019, 07:42:53 pm »
I'm seeing these errors lateley:
Oct 18 00:01:57 haanjdj suricata[20436]: [100108] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gmi97ucro9sv7to01wm6gb|/"; http_uri; depth:36; isdataat:!1,relative; content:"artopinvest.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_11; reference:url, urlhaus.abuse.ch/url/243894/; classtype:trojan-activity;sid:81106994; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.urlhaus.rules at line 1783
They always involve the abuse.ch.urlhaus.rules file. I have compared the faulty entries, and I believe the problem to be the pipe symbol ('|') in for example the entry 'content:"/wp-content/gmi97ucro9sv7to01wm6gb|/"'; it shouldn't be there.
Is this an upstream problem that should be reported there, or is this something that should be dealt with within Opnsense?
«
Last Edit: October 22, 2019, 07:22:43 pm by dinguz
»
Logged
In theory there is no difference between theory and practice. In practice there is.
ruggerio
Sr. Member
Posts: 295
Karma: 11
Re: Suricata rule load errors: abuse.ch/URLhaus
«
Reply #1 on:
November 04, 2019, 06:52:03 am »
Hi,
This should be reported upstream, i think.
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: Suricata rule load errors: abuse.ch/URLhaus
«
Reply #2 on:
November 04, 2019, 10:48:43 pm »
Quote from: ruggerio on November 04, 2019, 06:52:03 am
Hi,
This should be reported upstream, i think.
Yup...I am getting the same thing!
Logged
franco
Administrator
Hero Member
Posts: 17670
Karma: 1612
Re: Suricata rule load errors: abuse.ch/URLhaus
«
Reply #3 on:
November 05, 2019, 05:09:15 pm »
5.0.1 should be due this November, we try to pick it up and release Suricata 5 to the production track at the same time. So whatever gets reported upstream will be in the update sooner.
Cheers,
Franco
Logged
ruggerio
Sr. Member
Posts: 295
Karma: 11
Re: Suricata rule load errors: abuse.ch/URLhaus
«
Reply #4 on:
November 06, 2019, 07:20:16 am »
I haven't found a possibliy to file a bug. I contacted them by mail. Hopefully it gets fixed.
Logged
ruggerio
Sr. Member
Posts: 295
Karma: 11
Re: Suricata rule load errors: abuse.ch/URLhaus
«
Reply #5 on:
November 06, 2019, 09:04:55 am »
wow, those guys are quick. Got a short response, should be solved. Can anyone test?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata rule load errors: abuse.ch/URLhaus