As always, available from our download site on Snort.org, this new version contains the following features:
New Additions
- Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
- Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
- Added support to detect new RAR file-type in the file preprocessor.
Improvements / Fix
- Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
- Fix to whitelist FTP data sessions when no file policy exists.
- Fix RTF file magic to a more generic value to prevent evasions.
- Added debug logs during HTTP reload.
- Added rule SID check during validation.
- Fix an issue where HTTP was processing non-HTTP traffic on port 443.
- Added new debugs to print detection, file processing, and Prepro time consumption info and verdicts.
Any notes or feedback for us on Snort 2.9.15.0? Please shoot us a note over on the Snort-Users mailing list.