Re: Recent Rule Changes

[John York <YorkJ () brcc edu>]

Joel allegedly said:
> Date: Wed, 30 Jun 2010 18:43:50 -0400
> From: Joel Esler <jesler () sourcefire com>
> Subject: [Snort-sigs] Recent Rule Changes

<snip>

> For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort 2.8.5.3, the download links >would look as
> follows:

> Subscriber Release
> http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
> http://www.snort.org/sub-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

> Registered User Release
> http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
> http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

> You will notice in the above urls the difference in between the two "sub-rules" vs. "reg-rules".  >You will also 
> notice something else, we no longer have "_s" in the URL anymore.  Many people were >getting confused in the 
> difference, and we wanted to clear that up by changing the URL easier to >recognize.

<snip>

I've been troubleshooting other problems I'm having downloading rules with pulledpork.  Either I'm misunderstanding the 
thread that tells what the new url's are, I'm misreading the pulledpork 0.4.2 perl code, or pulledpork has a bug.  It 
looks to me that it always downloads reg-rules, and doesn't have any way in the config file to specify reg-rules or 
sub-rules...

Thanks
John

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs