Re: VRT Rules snapshot-CURRENT.tar.gz Download Error?

[JJ Cummings <cummingsj () gmail com>]

That's exactly what "pulledpork" does.. it first checks the latest MD5 from
VRT and compares against the last rules tarball that it fetched.. if
matches.. the it does not re-download the file..

that being said, I am about to check in the code that will handle changes in
the md5 file format.

Cheers,
JJC

pulledpork here: http://code.google.com/p/pulledpork



On Fri, May 29, 2009 at 11:42 AM, Eoin Miller <
eoin.miller () trojanedbinaries com> wrote:

> I think this just MD5 sum's the file after download? How about something
> built into Snort for auto rule updating that would check a page like
> http://dl.snort.org/sub-rules/snortrules-snapshot-CURRENT_s.tar.gz.md5
> against the last downloaded MD5. If it doesn't match, go ahead and
> download the rules then and only then. This should reduce the bandwidth
> load of people just constantly grabbing the 90mb rules file over and
> over. Tenable does something similiar with their NASL feed system.
>
> --
> Eoin Miller
>
>
> Joel Esler wrote:
> > On Fri, May 29, 2009 at 12:56 PM, Jeff Dell <jdell () activeworx com
> > <mailto:jdell () activeworx com>> wrote:
> >
> >     The problem with once a week is what happens if you check on
> >     Monday at 8am and the rules are updated on Monday at 8:05? You
> >     won’t get any updates for 2 weeks. It would be really great to
> >     have something like a checksum that will be available to see if
> >     there is a change in the rules file. This way users know exactly
> >     when an update has occurred and even if they check it every 15
> >     minutes they will be checking a tiny file as compared to 90megs+
> >     file. Then incorporating this into your favorite update utility
> >     will make updates very fast most of the time as there won’t be an
> >     update to the file, and would severely lower the bandwidth that
> >     snort.org <http://snort.org> needs.
> >
> >
> >
> >
> > A tool was recently written by one of our guys here at Sourcefire
> > called "PulledPork".
> > http://code.google.com/p/pulledpork/
> >
> > This tool updates rules and does exactly that (Checks the checksum of
> > the rules first).
> >
> >
> > --
> > joel esler | Sourcefire | gtalk: jesler () sourcefire com
> > <mailto:jesler () sourcefire com> | 302-223-5974
> > ------------------------------------------------------------------------
> ------------------------------------------------------------------------------
> > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> > is a gathering of tech-side developers & brand creativity professionals.
> Meet
> > the minds behind Google Creative Lab, Visual Complexity, Processing, &
> > iPhoneDevCamp as they present alongside digital heavyweights like
> Barbarian
> > Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users