
List:       bleeding-sigs
Subject:    Re: [Bleeding-sigs] Possible typo in sid:2001633; and sid:2001634;
From:       Matt Jonkman <jonkman () bleedingthreats ! net>
Date:       2007-09-16 9:38:44
Message-ID: 46ECF9A4.2050900 () bleedingthreats ! net

I believe you're right. Looks like there was intended to be a period
there that was escaped.

Fixed, thanks for noting it!

Matt

Juergen Leising wrote:
> Hello,
> 
> there's possibly a typo in the pcre related part of these rules: 
> 
> 	sid: 2001633; rev:6;
> 	sid: 2001634; rev:5;
> 
> Both rules contain one backslash too many: \h means horizontal
> whitespace in terms of libpcre as of version 7.2
> from 19-Jun-07 and higher. Cf. man pcrepattern.
> But it seems that a literal h was actually intended, instead. 
> 
> Therefore I suggest changing sid: 2001633; rev:6; from
> 
> 	\x2E\htm/mi
> 
> to
> 
> 	\x2Ehtm/mi
> 
> 
> 
> and sid: 2001634; rev:5; from
> 
> 	\x2E\hta/mi
> 
> to
> 
> 	\x2Ehta/mi
> 
> 
> And the fact that there is no quantifier after the parentheses?
> Is this really correct? I don't know.
> 
> Bye, bye
> 
> Juergen
> 
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc
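
Added example (not part of the original thread or of the rule set): a small Python check that finds `\h` escapes in a rule's pcre option and shows how the typo turns into a missed match once libpcre reads `\h` as horizontal whitespace. The rules and sids below are constructed placeholders, the function names are hypothetical, Python's `re` has no `\h` so both behaviours are emulated, and the older-libpcre behaviour (unrecognized `\h` treated as a literal `h`) is an assumption.

```python
import re

# Constructed sample rules, NOT the real sid:2001633/2001634 text; the sids
# are placeholders. Only the pcre tail "\x2E\htm/mi" is taken from the thread.
RULES = [
    r'alert tcp any any -> any any (msg:"sample typo"; pcre:"/\x2E\htm/mi"; sid:1000001; rev:1;)',
    r'alert tcp any any -> any any (msg:"sample fixed"; pcre:"/\x2Ehtm/mi"; sid:1000002; rev:1;)',
]

PCRE_OPT = re.compile(r'pcre:"/(?P<body>[^"]*)/(?P<flags>[A-Za-z]*)"')
ESCAPE = re.compile(r"\\(.)", re.S)   # consumes "\\" as a pair, so "\\h" is not flagged
FLAGS = {"i": re.I, "m": re.M, "s": re.S}

def extract_pcre(rule):
    """Return (body, flags) of the rule's pcre option."""
    m = PCRE_OPT.search(rule)
    if m is None:
        raise ValueError("rule has no pcre option")
    return m.group("body"), m.group("flags")

def find_h_escapes(body):
    """Lint check: offsets of every \\h escape in a pcre body."""
    return [m.start() for m in ESCAPE.finditer(body) if m.group(1) == "h"]

def emulate(body, pcre72):
    """Rewrite \\h for Python's re, which has no \\h of its own.
    pcre72=True : horizontal whitespace (tab, space, NBSP in byte mode).
    pcre72=False: literal 'h' (assumed behaviour of older libpcre).
    Assumes \\h does not occur inside a character class."""
    def repl(m):
        if m.group(1) != "h":
            return m.group(0)
        return r"[ \t\xa0]" if pcre72 else "h"
    return ESCAPE.sub(repl, body)

def rule_matches(rule, payload, pcre72=True):
    body, flags = extract_pcre(rule)
    opts = 0
    for f in flags:
        opts |= FLAGS.get(f, 0)
    return re.search(emulate(body, pcre72), payload, opts) is not None

if __name__ == "__main__":
    for rule in RULES:
        body, _ = extract_pcre(rule)
        print(body, "lint:", find_h_escapes(body),
              "| .htm on 7.2+:", rule_matches(rule, "GET /index.htm"),
              "| .htm on older:", rule_matches(rule, "GET /index.htm", pcre72=False))
```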

