Re: Re: Rule update with snortcente

["larc" <larc () pandora be>]

Hi,
The date and time changes with every cvs checkout.
the '$Id' keyword is then replaces with the $id header.

Originaly snortcenter checked first if there was a new md5sum of the snortrules package on the snort website, but since 
the md5sum changes everytime bacause date and time changed in the $id headers, SnortCenter has to download the 
snortrules-stable.tar.gz file every time.

Regards,
Stefan Dens

------------------------
 Michael <snorter () gmx net> wrote:
------------------------
Hi Jens,
> thank you for your answer!
>
> But I'm still wondering why date and time of the rules file on www.snort.org
> changes every day if there's no updated rule.
>
> Regards
> Michael
>
>
>
> > Michael,
> >
> > > Why Snortcenter doesn't recognize that there are rules more up to date
> > > on www.snort.org?
> >
> > The way snortcenter checks for new signatures is as follows:
> >
> > * a known signature has a known revision - if that revision increases,
> >   it says "rule has updated"
> > * if it finds an unknown sid, it says "rule added"
> >
> > Apparently the snortrules-stable file has no new rules since 2002/10/31:
> >
> > > grep "\$Id" * | grep "2002/11"
> > > grep "\$Id" * | grep "2002/10"
> > policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20
> > andrewbaker Exp $
> > > grep "\$Id" * | grep "2002/09"
> > attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18
> > 12:52:31 cazz Exp $
> > experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10
> > roesch Exp $
> >
> > There are new rules in cvs HEAD, which work with cvs HEAD only. These
> > are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
> > file. 
> >
> > Hth,
> >      jens
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: See the NEW Palm 
> > Tungsten T handheld. Power & Color in a compact size!
> > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> -- 
> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
> NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users