Snort mailing list archives
Pulledpork missing VRT rules
From: xinland66 () gmail com
Date: Fri, 11 Sep 2015 21:54:07 -0400
Hi, when I ran pulledpork with the -k option, I noticed that many VRT rules were missing compared to the downloaded tarball: 69 out of about 120 rules. Please advise. Below is what I got from pulledpork.
# ls -l rules
-rw-r--r-- 1 root root 55257 Sep 11 21:40 rules/VRT-app-detect.rules
-rw-r--r-- 1 root root 1121333 Sep 11 21:40 rules/VRT-blacklist.rules
-rw-r--r-- 1 root root 16024 Sep 11 21:40 rules/VRT-browser-chrome.rules
-rw-r--r-- 1 root root 95146 Sep 11 21:40 rules/VRT-browser-firefox.rules
-rw-r--r-- 1 root root 828124 Sep 11 21:40 rules/VRT-browser-ie.rules
-rw-r--r-- 1 root root 16272 Sep 11 21:40 rules/VRT-browser-other.rules
-rw-r--r-- 1 root root 1354654 Sep 11 21:40 rules/VRT-browser-plugins.rules
-rw-r--r-- 1 root root 34306 Sep 11 21:40 rules/VRT-browser-webkit.rules
-rw-r--r-- 1 root root 7089 Sep 11 21:40 rules/VRT-content-replace.rules
-rw-r--r-- 1 root root 20189 Sep 11 21:40 rules/VRT-decoder.rules
-rw-r--r-- 1 root root 331442 Sep 11 21:40 rules/VRT-exploit-kit.rules
-rw-r--r-- 1 root root 30151 Sep 11 21:40 rules/VRT-file-executable.rules
-rw-r--r-- 1 root root 560740 Sep 11 21:40 rules/VRT-file-flash.rules
-rw-r--r-- 1 root root 434117 Sep 11 21:40 rules/VRT-file-identify.rules
-rw-r--r-- 1 root root 99884 Sep 11 21:40 rules/VRT-file-image.rules
-rw-r--r-- 1 root root 105022 Sep 11 21:40 rules/VRT-file-java.rules
-rw-r--r-- 1 root root 158159 Sep 11 21:40 rules/VRT-file-multimedia.rules
-rw-r--r-- 1 root root 500635 Sep 11 21:40 rules/VRT-file-office.rules
-rw-r--r-- 1 root root 387176 Sep 11 21:40 rules/VRT-file-other.rules
-rw-r--r-- 1 root root 316067 Sep 11 21:40 rules/VRT-file-pdf.rules
-rw-r--r-- 1 root root 95366 Sep 11 21:40 rules/VRT-indicator-compromise.rules
-rw-r--r-- 1 root root 56770 Sep 11 21:40 rules/VRT-indicator-obfuscation.rules
-rw-r--r-- 1 root root 9341 Sep 11 21:40 rules/VRT-indicator-scan.rules
-rw-r--r-- 1 root root 88907 Sep 11 21:40 rules/VRT-indicator-shellcode.rules
-rw-r--r-- 1 root root 288729 Sep 11 21:40 rules/VRT-malware-backdoor.rules
-rw-r--r-- 1 root root 1519406 Sep 11 21:40 rules/VRT-malware-cnc.rules
-rw-r--r-- 1 root root 287455 Sep 11 21:40 rules/VRT-malware-other.rules
-rw-r--r-- 1 root root 58827 Sep 11 21:40 rules/VRT-malware-tools.rules
-rw-r--r-- 1 root root 130212 Sep 11 21:40 rules/VRT-netbios.rules
-rw-r--r-- 1 root root 8550 Sep 11 21:40 rules/VRT-os-linux.rules
-rw-r--r-- 1 root root 51658 Sep 11 21:40 rules/VRT-os-mobile.rules
-rw-r--r-- 1 root root 16695 Sep 11 21:40 rules/VRT-os-other.rules
-rw-r--r-- 1 root root 3757 Sep 11 21:40 rules/VRT-os-solaris.rules
-rw-r--r-- 1 root root 413157 Sep 11 21:40 rules/VRT-os-windows.rules
-rw-r--r-- 1 root root 2129 Sep 11 21:40 rules/VRT-policy-multimedia.rules
-rw-r--r-- 1 root root 47030 Sep 11 21:40 rules/VRT-policy-other.rules
-rw-r--r-- 1 root root 24937 Sep 11 21:40 rules/VRT-policy-social.rules
-rw-r--r-- 1 root root 64486 Sep 11 21:40 rules/VRT-policy-spam.rules
-rw-r--r-- 1 root root 42858 Sep 11 21:40 rules/VRT-preprocessor.rules
-rw-r--r-- 1 root root 15577 Sep 11 21:40 rules/VRT-protocol-dns.rules
-rw-r--r-- 1 root root 3551 Sep 11 21:40 rules/VRT-protocol-finger.rules
-rw-r--r-- 1 root root 38795 Sep 11 21:40 rules/VRT-protocol-ftp.rules
-rw-r--r-- 1 root root 33541 Sep 11 21:40 rules/VRT-protocol-icmp.rules
-rw-r--r-- 1 root root 19809 Sep 11 21:40 rules/VRT-protocol-imap.rules
-rw-r--r-- 1 root root 4633 Sep 11 21:40 rules/VRT-protocol-nntp.rules
-rw-r--r-- 1 root root 8209 Sep 11 21:40 rules/VRT-protocol-pop.rules
-rw-r--r-- 1 root root 94762 Sep 11 21:40 rules/VRT-protocol-rpc.rules
-rw-r--r-- 1 root root 96899 Sep 11 21:40 rules/VRT-protocol-scada.rules
-rw-r--r-- 1 root root 5381 Sep 11 21:40 rules/VRT-protocol-services.rules
-rw-r--r-- 1 root root 14120 Sep 11 21:40 rules/VRT-protocol-snmp.rules
-rw-r--r-- 1 root root 10746 Sep 11 21:40 rules/VRT-protocol-telnet.rules
-rw-r--r-- 1 root root 7035 Sep 11 21:40 rules/VRT-protocol-tftp.rules
-rw-r--r-- 1 root root 96851 Sep 11 21:40 rules/VRT-protocol-voip.rules
-rw-r--r-- 1 root root 358411 Sep 11 21:40 rules/VRT-pua-adware.rules
-rw-r--r-- 1 root root 9310 Sep 11 21:40 rules/VRT-pua-other.rules
-rw-r--r-- 1 root root 7135 Sep 11 21:40 rules/VRT-pua-p2p.rules
-rw-r--r-- 1 root root 90999 Sep 11 21:40 rules/VRT-pua-toolbars.rules
-rw-r--r-- 1 root root 1405 Sep 11 21:40 rules/VRT-sensitive-data.rules
-rw-r--r-- 1 root root 44364 Sep 11 21:40 rules/VRT-server-apache.rules
-rw-r--r-- 1 root root 76723 Sep 11 21:40 rules/VRT-server-iis.rules
-rw-r--r-- 1 root root 66046 Sep 11 21:40 rules/VRT-server-mail.rules
-rw-r--r-- 1 root root 29186 Sep 11 21:40 rules/VRT-server-mssql.rules
-rw-r--r-- 1 root root 28865 Sep 11 21:40 rules/VRT-server-mysql.rules
-rw-r--r-- 1 root root 234727 Sep 11 21:40 rules/VRT-server-oracle.rules
-rw-r--r-- 1 root root 542148 Sep 11 21:40 rules/VRT-server-other.rules
-rw-r--r-- 1 root root 14153 Sep 11 21:40 rules/VRT-server-samba.rules
-rw-r--r-- 1 root root 840655 Sep 11 21:40 rules/VRT-server-webapp.rules
-rw-r--r-- 1 root root 33116 Sep 11 21:40 rules/VRT-sql.rules
-rw-r--r-- 1 root root 1007 Sep 11 21:40 rules/VRT-x11.rules
Below is what is in the downloaded tar ball.
-rw-r--r-- 1 1210 1210 56210 Sep 10 13:39 app-detect.rules
-rw-r--r-- 1 1210 1210 1061 May 6 2013 attack-responses.rules
-rw-r--r-- 1 1210 1210 1037 May 6 2013 backdoor.rules
-rw-r--r-- 1 1210 1210 1046 May 6 2013 bad-traffic.rules
-rw-r--r-- 1 1210 1210 1122284 Sep 10 13:39 blacklist.rules
-rw-r--r-- 1 1210 1210 1043 May 6 2013 botnet-cnc.rules
-rw-r--r-- 1 1210 1210 16985 Sep 10 13:39 browser-chrome.rules
-rw-r--r-- 1 1210 1210 96109 Sep 10 13:39 browser-firefox.rules
-rw-r--r-- 1 1210 1210 829077 Sep 10 13:39 browser-ie.rules
-rw-r--r-- 1 1210 1210 17231 Sep 10 13:39 browser-other.rules
-rw-r--r-- 1 1210 1210 1355617 Sep 10 13:39 browser-plugins.rules
-rw-r--r-- 1 1210 1210 35267 Sep 10 13:39 browser-webkit.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 chat.rules
-rw-r--r-- 1 1210 1210 8052 Sep 10 13:39 content-replace.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 ddos.rules
-rw-r--r-- 1 1210 1210 6646740 Sep 10 13:39 deleted.rules
-rw-r--r-- 1 1210 1210 1022 Jun 19 2013 dns.rules
-rw-r--r-- 1 1210 1210 1022 Feb 9 2015 dos.rules
-rw-r--r-- 1 1210 1210 1049 May 6 2013 experimental.rules
-rw-r--r-- 1 1210 1210 332415 Sep 10 13:39 exploit-kit.rules
-rw-r--r-- 1 1210 1210 1034 May 6 2013 exploit.rules
-rw-r--r-- 1 1210 1210 31114 Sep 10 13:39 file-executable.rules
-rw-r--r-- 1 1210 1210 561693 Sep 10 13:39 file-flash.rules
-rw-r--r-- 1 1210 1210 435088 Sep 10 13:39 file-identify.rules
-rw-r--r-- 1 1210 1210 100837 Sep 10 13:39 file-image.rules
-rw-r--r-- 1 1210 1210 105973 Sep 10 13:39 file-java.rules
-rw-r--r-- 1 1210 1210 159122 Sep 10 13:39 file-multimedia.rules
-rw-r--r-- 1 1210 1210 501590 Sep 10 13:39 file-office.rules
-rw-r--r-- 1 1210 1210 388129 Sep 10 13:39 file-other.rules
-rw-r--r-- 1 1210 1210 317016 Sep 10 13:39 file-pdf.rules
-rw-r--r-- 1 1210 1210 1031 May 6 2013 finger.rules
-rw-r--r-- 1 1210 1210 1022 May 6 2013 ftp.rules
-rw-r--r-- 1 1210 1210 1040 May 6 2013 icmp-info.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 icmp.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 imap.rules
-rw-r--r-- 1 1210 1210 96339 Sep 10 13:39 indicator-compromise.rules
-rw-r--r-- 1 1210 1210 57745 Sep 10 13:39 indicator-obfuscation.rules
-rw-r--r-- 1 1210 1210 10302 Sep 10 13:39 indicator-scan.rules
-rw-r--r-- 1 1210 1210 89878 Sep 10 13:39 indicator-shellcode.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 info.rules
-rw-r--r-- 1 1210 1210 1028 May 6 2013 local.rules
-rw-r--r-- 1 1210 1210 289694 Sep 10 13:39 malware-backdoor.rules
-rw-r--r-- 1 1210 1210 1520361 Sep 10 13:39 malware-cnc.rules
-rw-r--r-- 1 1210 1210 288414 Sep 10 13:39 malware-other.rules
-rw-r--r-- 1 1210 1210 59786 Sep 10 13:39 malware-tools.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 misc.rules
-rw-r--r-- 1 1210 1210 1043 May 6 2013 multimedia.rules
-rw-r--r-- 1 1210 1210 1028 May 6 2013 mysql.rules
-rw-r--r-- 1 1210 1210 131163 Sep 10 13:39 netbios.rules
-rw-r--r-- 1 1210 1210 1025 Jun 19 2013 nntp.rules
-rw-r--r-- 1 1210 1210 1031 May 6 2013 oracle.rules
-rw-r--r-- 1 1210 1210 9499 Sep 10 13:39 os-linux.rules
-rw-r--r-- 1 1210 1210 52609 Sep 10 13:39 os-mobile.rules
-rw-r--r-- 1 1210 1210 17644 Sep 10 13:39 os-other.rules
-rw-r--r-- 1 1210 1210 4710 Sep 10 13:39 os-solaris.rules
-rw-r--r-- 1 1210 1210 414112 Sep 10 13:39 os-windows.rules
-rw-r--r-- 1 1210 1210 1040 May 6 2013 other-ids.rules
-rw-r--r-- 1 1210 1210 1022 May 6 2013 p2p.rules
-rw-r--r-- 1 1210 1210 1052 May 6 2013 phishing-spam.rules
-rw-r--r-- 1 1210 1210 3096 Sep 10 13:39 policy-multimedia.rules
-rw-r--r-- 1 1210 1210 47987 Sep 10 13:39 policy-other.rules
-rw-r--r-- 1 1210 1210 1031 May 6 2013 policy.rules
-rw-r--r-- 1 1210 1210 25896 Sep 10 13:39 policy-social.rules
-rw-r--r-- 1 1210 1210 65441 Sep 10 13:39 policy-spam.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 pop2.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 pop3.rules
-rw-r--r-- 1 1210 1210 16534 Sep 10 13:39 protocol-dns.rules
-rw-r--r-- 1 1210 1210 4514 Sep 10 13:39 protocol-finger.rules
-rw-r--r-- 1 1210 1210 39752 Sep 10 13:39 protocol-ftp.rules
-rw-r--r-- 1 1210 1210 34500 Sep 10 13:39 protocol-icmp.rules
-rw-r--r-- 1 1210 1210 20768 Sep 10 13:39 protocol-imap.rules
-rw-r--r-- 1 1210 1210 5592 Sep 10 13:39 protocol-nntp.rules
-rw-r--r-- 1 1210 1210 0 Aug 25 2014 protocol-other.rules
-rw-r--r-- 1 1210 1210 9166 Sep 10 13:39 protocol-pop.rules
-rw-r--r-- 1 1210 1210 95719 Sep 10 13:39 protocol-rpc.rules
-rw-r--r-- 1 1210 1210 97860 Sep 10 13:39 protocol-scada.rules
-rw-r--r-- 1 1210 1210 6348 Sep 10 13:39 protocol-services.rules
-rw-r--r-- 1 1210 1210 15079 Sep 10 13:39 protocol-snmp.rules
-rw-r--r-- 1 1210 1210 11713 Sep 10 13:39 protocol-telnet.rules
-rw-r--r-- 1 1210 1210 7994 Sep 10 13:39 protocol-tftp.rules
-rw-r--r-- 1 1210 1210 97810 Sep 10 13:39 protocol-voip.rules
-rw-r--r-- 1 1210 1210 359364 Sep 10 13:39 pua-adware.rules
-rw-r--r-- 1 1210 1210 10261 Sep 10 13:39 pua-other.rules
-rw-r--r-- 1 1210 1210 8082 Sep 10 13:39 pua-p2p.rules
-rw-r--r-- 1 1210 1210 91956 Sep 10 13:39 pua-toolbars.rules
-rw-r--r-- 1 1210 1210 1022 Jun 19 2013 rpc.rules
-rw-r--r-- 1 1210 1210 1040 May 6 2013 rservices.rules
-rw-r--r-- 1 1210 1210 1028 Feb 9 2015 scada.rules
-rw-r--r-- 1 1210 1210 1025 Jun 19 2013 scan.rules
-rw-r--r-- 1 1210 1210 45323 Sep 10 13:39 server-apache.rules
-rw-r--r-- 1 1210 1210 77676 Sep 10 13:39 server-iis.rules
-rw-r--r-- 1 1210 1210 67001 Sep 10 13:39 server-mail.rules
-rw-r--r-- 1 1210 1210 30143 Sep 10 13:39 server-mssql.rules
-rw-r--r-- 1 1210 1210 29822 Sep 10 13:39 server-mysql.rules
-rw-r--r-- 1 1210 1210 235686 Sep 10 13:39 server-oracle.rules
-rw-r--r-- 1 1210 1210 543107 Sep 10 13:39 server-other.rules
-rw-r--r-- 1 1210 1210 15110 Sep 10 13:39 server-samba.rules
-rw-r--r-- 1 1210 1210 841614 Sep 10 13:39 server-webapp.rules
-rw-r--r-- 1 1210 1210 1040 May 6 2013 shellcode.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 smtp.rules
-rw-r--r-- 1 1210 1210 1025 Jun 19 2013 snmp.rules
-rw-r--r-- 1 1210 1210 1061 May 6 2013 specific-threats.rules
-rw-r--r-- 1 1210 1210 1046 May 6 2013 spyware-put.rules
-rw-r--r-- 1 1210 1210 34055 Sep 10 13:39 sql.rules
-rw-r--r-- 1 1210 1210 1031 Jun 19 2013 telnet.rules
-rw-r--r-- 1 1210 1210 1025 Jun 19 2013 tftp.rules
-rw-r--r-- 1 1210 1210 1028 May 6 2013 virus.rules
-rw-r--r-- 1 1210 1210 1025 May 6 2013 voip.rules
-rw-r--r-- 1 1210 1210 21083 Sep 10 13:36 VRT-License.txt
-rw-r--r-- 1 1210 1210 1046 May 6 2013 web-activex.rules
-rw-r--r-- 1 1210 1210 1046 May 6 2013 web-attacks.rules
-rw-r--r-- 1 1210 1210 1034 May 6 2013 web-cgi.rules
-rw-r--r-- 1 1210 1210 1043 May 6 2013 web-client.rules
-rw-r--r-- 1 1210 1210 1055 May 6 2013 web-coldfusion.rules
-rw-r--r-- 1 1210 1210 1052 May 6 2013 web-frontpage.rules
-rw-r--r-- 1 1210 1210 1034 May 6 2013 web-iis.rules
-rw-r--r-- 1 1210 1210 1037 May 6 2013 web-misc.rules
-rw-r--r-- 1 1210 1210 1034 May 6 2013 web-php.rules
-rw-r--r-- 1 1210 1210 1946 Sep 10 13:39 x11.rules
Thanks, KL