Snort mailing list archives
Re: PulledPork 0.7.2 errors with ETPro rules
From: Y M <snort () outlook com>
Date: Sun, 22 Nov 2015 16:49:58 +0000
If using PulledPork with the "-d" (do not verify md5) flag, does it continue? Keep in mind that this will download the rules even if the md5 matched on previous runs. Was there any changes on the etpro urls/ file names recently? YM ________________________________ From: Andre DiMino <adimino () sempersecurus org> Sent: Sunday, November 22, 2015 2:22 AM To: snort-users mailinglist Subject: [Snort-users] PulledPork 0.7.2 errors with ETPro rules I've recently noted PulledPork errors when it attempts to download ETPro rulesets. I've been speaking to the developer, and have posted an issue on PulledPork's Github. However I wanted to put this out there in case anyone else is experiencing similar issues. Running PulledPork with ETPro enabled causes the following: ++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Checking latest MD5 for snortrules-snapshot-2975.tar.gz.... They Match Done! Rules tarball download of community-rules.tar.gz.... Checking latest MD5 for opensource.gz.... They Match Done! Checking latest MD5 for emerging.rules.tar.gz.... No Match Done Rules tarball download of emerging.rules.tar.gz.... They Match Done! Checking latest MD5 for etpro.rules.tar.gz.... Use of uninitialized value $md5 in scalar chomp at /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl<http://pulledpork.pl> line 522. Use of uninitialized value $md5 in pattern match (m//) at /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl<http://pulledpork.pl> line 524. No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done ++++++++++++++++++++ This just loops until it crashes. If I comment out the ETPro ruleset download. everything completes successfully. -- Andre' M. DiMino DeepEnd Research http://www.deependresearch.org<http://deependresearch.org> http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 21)
- Re: PulledPork 0.7.2 errors with ETPro rules Y M (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Shirkdog (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Will Metcalf (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Will Metcalf (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Shirkdog (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Y M (Nov 22)