Loading XML file './default_filter.xml'... The rule '(?:union....cannot be compiled properly about apache-scalp HOT 20 OPEN

I have the same isue with scalp-0.4.py on SUSE Linux Enterprise Server 11 
(x86_64)2.6.32.12-0.7-default.
Output:
The rule 
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not 
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly

Same issue : 
The rule 
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not 
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly

Operating system :
Debian Linux 5.0.8 with Python 2.5.2 and scalp 0.4

Log format used for my access logs : 
%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"

Same problem:

Fedora Core 15

python-2.7.1-7.fc15.x86_64

any news about? I have the sape problem 

Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
python-2.3.4-14.4

when trying to exclude the rules, another rule gives the error...

thanks

$ ./scalp-0.4.py --log all.parsed --attack xss,sqli,lfi,ref
Loading XML file 'default_filter.xml'...
The rule 
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not 
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly

$ python --version
Python 2.7.1

Same here.
Python 2.5.2

Ok, it seems that there is an extra \ in (?:\w+\s+like\s+\") in front of the ".
But removing it leads to:
sre_constants.error: nothing to repeat

it usually appears with nested 0 something quantifiers (like (x?)* or (x*)*), 
but don't see where that case happens.

Ok, found it... (?:all|distinct|[(!@]*)? should be (?:all|distinct|[(!@]+)?

Next: The rule '(?i:(\%SYSTEMROOT\%))' cannot be compiled properly... the 
construct (?i: (case insensitive non-capturing group) is not supported... 
should be uglyfied as
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))

And that's it, for me default.xml is loaded after those two changes.

Thanks!  Got mine to run!

default_filter.xml with [email protected] fixes applied available here: 
http://pastebin.com/uDziqcD5

Thank you! Helped me out :)

Thanks, the two fixes mentioned here fixed the issue. Why is the xml file not 
updated on the home page of the scalp project? 

Thanks! Mine worked smooth after the fix :)

thank you guys :)

Thanks for the fix and the pastebin.

Worked for me too (Python 2.5.1 on Windows), thanks.

Yey its working so you have to replace 

(?:all|distinct|[(!@]*)?   with   (?:all|distinct|[(!@]+)?

and 

(?i:(\%SYSTEMROOT\%))     with    
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))

It will then run :D have a nice day

Had the same issue on centos , those fixes mention fixed it.

Excelente solution by [email protected] just replace
(?:all|distinct|[(!@]*)?   with   (?:all|distinct|[(!@]+)?
and 
(?i:(\%SYSTEMROOT\%))     with    
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))

Thank you.