Re: [Snort-users] Snort error: Unterminated IP List and clamav problems (SOLVED)

Phil Wood wrote:
> Excuse me for butting in.  Are the following:
>
>   HOME_NET
>   EXTERNAL_NET
>   HTTP_SERVERS
>
> set to valid values such as "any", or [10.1.1.0/24,192.168.1.0/24]?
> The error does say "Unterminated IP List"
>
> On Fri, 2007-09-21 at 22:14 +0200, carlopmart wrote:
> > Sorry rmkml, but it isn't possible. If I change bleeding-dshield.rules 
> > for bleeding-web.rules, error is the same:
> >
> > FATAL ERROR: /etc/snort_ids-lan/bleeding-web.rules(38) => Unterminated 
> > IP List
> >
> > And this error, repeats every rule that I put ... from snort.org, from 
> > bledingedge site ...
> >
> > rmkml wrote:
> > > Hi,
> > > Your error are on line 32 on your bleeding-dshield.rules,
> > > what is on line 32 please ?
> > > test on comments only this line 32.
> > > Regards
> > > Rmkml
> > >
> > >
> > > On Fri, 21 Sep 2007, carlopmart wrote:
> > >
> > > > Date: Fri, 21 Sep 2007 22:04:08 +0200
> > > > From: carlopmart <carlopmart@gmail.com>
> > > > To: snort-users@lists.sourceforge.net
> > > > Subject: [Snort-users] Snort error: Unterminated IP List and clamav 
> > > > problems
> > > >
> > > > Hi all,
> > > >
> > > >  I have installed an ids sensor with snort 2.6.1.5. When I try to
> > > > startup returns me this error:
> > > >
> > > > snort[16936]: FATAL ERROR: /etc/snort_ids-lan/bleeding-dshield.rules(32)
> > > > => Unterminated IP List
> > > >
> > > >  If I disbled all rules, this error doesn't appears .. but i need to
> > > > disable all rules ....
> > > >
> > > > What does it means??
> > > >
> > > > I have compiled snort with this options:
> > > >
> > > > --enable-stream4udp --enable-dynamicplugin --prefix=/usr/local
> > > > --with-mysql --enable-clamav --with-dnet-includes=/usr/local/include
> > > > --with-dnet-libraries=/usr/local/lib
> > > >
> > > >  And another error displayed is referred to clamav:
> > > >
> > > >  LibClamAV Error: Cannot create file
> > > > /tmp/clamav-8dd09f7dffc45dd0a8d680e06f3ee34c/COPYING.
> > > > LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
> > > > LibClamAV Error: Can't load /var/lib/clamav/main.cvd: CVD extraction 
> > > > failure
> > > >
> > > >  I have searching via google, and all posts that I find talks about
> > > > space problems on /tmp directory, but my /tmp directory is 5% of 512 MB
> > > > occuped. How can I fix this??
> > > >
> > > > Many thanks.
> > > > -- 
> > > > CL Martinez
> > > > carlopmart {at} gmail {d0t} com
> > > >
> > > > -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by: Microsoft
> > > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users@lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users

Oops sorry. Problem was on my HOME_NET definition... I have inserted a 
space between two CIDR entries ... Thanks Phil.

Clamav problem it is already solved too .. I have put "alert-drop" 
param, but this is only possible when snort runs as root ...

many thanks to all.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users