I am using Talos VRT rules with subscription and looking at the logs for IPS I see:
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.zip&file.silverlight' is checked but not set. Checked in 28582 and 2 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.doc|file.docm' is checked but no t set. Checked in 43975 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.rtf|file.ole' is checked but not set. Checked in 37559 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.tiff|file.doc' is checked but no t set. Checked in 28464 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.xls&file.ole' is checked but not set. Checked in 30990 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.class|file.jar' is checked but n ot set. Checked in 31540 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.doc|file.rtf' is checked but not set. Checked in 45519 and 2 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.ole|file.doc' is checked but not set. Checked in 30533 and 3 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.corel|file.doc' is checked but n ot set. Checked in 36501 and 0 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.swf|file.ole' is checked but not set. Checked in 25676 and 1 other sigs
14:45:32 suricata: [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.pdf&file.ttf' is checked but not set. Checked in 28585 and 1 other sigs
I don’t know how to correct these errors, does anyone else?
Thanks
Dave