Bug 176036 - net-analyzer/snort-2.6.1.3-r1 default config file causes runtime error when USE=dynamicplugin is not set
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Netmon project
Duplicates: 176045
Reported: 2007-04-25 23:37 UTC by Jurek Bartuszek (RETIRED)
Modified: 2007-05-20 08:26 UTC (History)
Description Jurek Bartuszek (RETIRED) gentoo-dev 2007-04-25 23:37:18 UTC
This bug refers to bug #166874 and points out additional sections of the default config file (shipped with this version of snort) that cause a runtime error when USE=dynamicplugin is not set:

preprocessor ftp_telnet: global \
   encrypted_traffic yes \
   inspection_type stateful

preprocessor ftp_telnet_protocol: telnet \
   normalize \
   ayt_attack_thresh 200

preprocessor ftp_telnet_protocol: ftp server default \
   def_max_param_len 100 \
   alt_max_param_len 200 { CWD } \
   cmd_validity MODE < char ASBCZ > \
   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
   telnet_cmds yes \
   data_chan

preprocessor ftp_telnet_protocol: ftp client default \
   max_resp_len 256 \
   bounce yes \
   telnet_cmds yes

preprocessor smtp: \
  ports { 25 } \
  inspection_type stateful \
  normalize cmds \
  normalize_cmds { EXPN VRFY RCPT } \
  alt_max_command_line_len 260 { MAIL } \
  alt_max_command_line_len 300 { RCPT } \
  alt_max_command_line_len 500 { HELP HELO ETRN } \
  alt_max_command_line_len 255 { EXPN VRFY }

preprocessor dcerpc: \
    autodetect \
    max_frag_size 3000 \
    memcap 100000

preprocessor dns: \
    ports { 53 } \
    enable_rdata_overflow

I think they should be cut out (e.g. using sed as in http://bugs.gentoo.org/show_bug.cgi?id=166874#c1) when the USE flag is not set. It takes some time to figure out what keeps snort from starting properly in this case.

I did not check any other version of snort but the odds are high that the above description refers to them as well.
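
Added example, not part of the original report and not the sed command from bug 166874 or the ebuild's own code: one way to cut the stanzas quoted above out of a snort.conf, including their backslash-continued lines, which a single-line pattern delete would leave dangling. The function names and the sample config are constructed for illustration; the preprocessor names are the ones listed in the report.

```shell
#!/bin/sh
# Added example (assumption: not the ebuild's code). Removes the
# dynamic-preprocessor stanzas named in the report from snort.conf text.

# Preprocessor names taken from the stanzas quoted in the report.
DYNAMIC_PREPROCS='ftp_telnet|ftp_telnet_protocol|smtp|dcerpc|dns'

# disable_dynamic_preprocs (hypothetical name):
# reads a snort.conf on stdin, writes the filtered config on stdout.
disable_dynamic_preprocs() {
    awk -v names="$DYNAMIC_PREPROCS" '
        BEGIN { start = "^[ \t]*preprocessor[ \t]+(" names ")[ \t]*:" }
        # in_stanza is set while the previous dropped line ended in "\",
        # so continuation lines are dropped along with the first line.
        in_stanza || $0 ~ start {
            in_stanza = ($0 ~ /\\[ \t]*$/)
            next
        }
        { print }
    '
}

# sample_conf (hypothetical name): constructed input mixing two stanzas
# from the report with lines that must survive untouched.
sample_conf() {
    cat <<'EOF'
preprocessor frag3_global: max_frags 65536
preprocessor ftp_telnet: global \
   encrypted_traffic yes \
   inspection_type stateful
preprocessor dns: \
    ports { 53 } \
    enable_rdata_overflow
include $RULE_PATH/local.rules
EOF
}

# Show the filtered result for the constructed sample.
sample_conf | disable_dynamic_preprocs
```

Already-commented stanzas are left alone because the match is anchored to a line that starts with `preprocessor`.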
Comment 1 Jurek Bartuszek (RETIRED) gentoo-dev 2007-04-26 17:27:42 UTC
*** Bug 176045 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Black (RETIRED) gentoo-dev 2007-05-20 08:26:45 UTC
fixed in bug 178606 - still work in progress.