PulledPork was originally written to handle VRT rulesets from snort.org (none have this formatting flaw) and as such I had not accounted for it, as mentioned previously. The fix is a simple regex modification to the PulledPork code, you can get the patch here: http://pulledpork.googlecode.com/files/pp_304_whitespace.patch and apply it to pulledpork.pl.
For those that might ask the question "what if there are multiple whitespaces, ala \s*" this is NOT the case, I spoke with rotorhead from the ET team and all ET rules are normalized to atleast remove multiple whitespace chars.
This fix has already been checked into svn but I will not be re-releasing 0.3.4 to account for this.. but will likely be generating daily snapshots in the near future.
Cheers,
JJC
For those that might ask the question "what if there are multiple whitespaces, ala \s*" this is NOT the case, I spoke with rotorhead from the ET team and all ET rules are normalized to atleast remove multiple whitespace chars.
This fix has already been checked into svn but I will not be re-releasing 0.3.4 to account for this.. but will likely be generating daily snapshots in the near future.
Cheers,
JJC
No comments:
Post a Comment