Topic: Suricata rule load errors: abuse.ch/URLhaus (Read 1544 times)
opleiki, July 28, 2020, 05:26:54 am
I'm seeing these errors lately:
Oct 18 00:01:57 haanjdj suricata[20436]: [100108] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gmi97ucro9sv7to01wm6gb|/"; http_uri; depth:36; isdataat:!1,relative; content:"artopinvest.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_11; reference:url, urlhaus.abuse.ch/url/243894/; classtype:trojan-activity;sid:81106994; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.urlhaus.rules at line 1783
They always involve the abuse.ch.urlhaus.rules file. I have compared the faulty entries, and I believe the problem to be the pipe symbol ('|') in for example the entry 'content:"/wp-content/gmi97ucro9sv7to01wm6gb|/"'; it shouldn't be there.
Is this an upstream problem that should be reported there, or is this something that should be dealt with within OPNsense?
mimugmail, Reply #1, July 28, 2020, 06:58:57 am
You can tweet this link to the URLhaus abuse.ch Twitter account so they can have a look.
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
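A pre-load check for the kind of error reported in this thread, added here as an example (it is not part of the original posts, nor OPNsense or Suricata code). In a Suricata content pattern, `|` opens and closes a run of hex bytes, so a literal pipe has to be written as `|7C|`. This is a simplified lint, not Suricata's parser; the function names and sample rules are constructed for illustration.

```python
import re

# content:"..." (optionally negated), allowing backslash escapes inside the quotes
CONTENT_RE = re.compile(r'\bcontent\s*:\s*!?\s*"((?:[^"\\]|\\.)*)"')
HEX_RUN_RE = re.compile(r'^(?:\s*[0-9A-Fa-f]{2})*\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

def check_content(pattern):
    """Return a problem description for one content pattern, or None."""
    # Drop escaped \; \: \" \\ so they are not mistaken for delimiters.
    unescaped = re.sub(r'\\[;:"\\]', '', pattern)
    parts = unescaped.split('|')
    if len(parts) % 2 == 0:  # odd number of pipes: a hex run never closes
        return 'unbalanced "|" (write a literal pipe as |7C|)'
    for hex_run in parts[1::2]:  # text between each pair of pipes
        if not HEX_RUN_RE.match(hex_run):
            return 'invalid hex between pipes: %r' % hex_run
    return None

def lint_rules(lines):
    """Return (line_number, sid, pattern, problem) for each suspect content."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        sid = SID_RE.search(line)
        for match in CONTENT_RE.finditer(line):
            problem = check_content(match.group(1))
            if problem:
                findings.append((lineno, sid.group(1) if sid else None,
                                 match.group(1), problem))
    return findings

# Constructed sample rules (not taken from the URLhaus feed).
SAMPLE_RULES = [
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed stray pipe"; '
    'content:"/wp-content/abc123|/"; http_uri; sid:1000001; rev:1;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed pipe as hex"; '
    'content:"/wp-content/abc123|7C|/"; http_uri; sid:1000002; rev:1;)',
    'alert tcp any any -> any any (msg:"constructed bad hex"; '
    'content:"|0d 0g|"; sid:1000003; rev:1;)',
]

if __name__ == '__main__':
    for lineno, sid, pattern, problem in lint_rules(SAMPLE_RULES):
        print('line %d sid %s: content:"%s": %s' % (lineno, sid, pattern, problem))
```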