Ruleset Update Summary - 2023/06/16 - v10350


0 new OPEN, 0 new PRO (0 + 0)

Hello Folks,

An issue was brought to our attention regarding a pair of Snort rules we published yesterday as a part of our daily rule release:

UNC4841 SEASPY Backdoor Activity M1 - 2046273
UNC4841 SEASPY Backdoor Activity M2 - 2046274

Some users reported issues loading their ruleset, with snort throwing the error:
Can't use flow: stateless option with other optionsFatal Error, Quitting..

As a part of our daily rule release process, we follow a set of QA guidelines in order to ensure problems of this nature do not occur, and if they do, they’re caught prior to release. In this instance, The syntax for this error is different than normal, leading our QA system to have missed this error completely during our validation testing. Going forward, we have made adjustments to our QA process to ensure errors of this nature are caught. We’ve released an Out of Band rule update to resolve this problem immediately. User can download the newest version of ETOPEN or ETPRO Snort ruleset to resolve this problem immediately.

As usual, we will also be doing a standard daily rule update with new signatures later on today as well. We apologize for this inconvenience.