Re: Is there an easy way of knowing if your definitions are updated?

[waldo kitty <wkitty42 () windstream net>]

On 1/14/2011 18:33, Joel Esler wrote:
> Research @ Sourcefire.com

thanks... i'll forward my previous post to them since it is already written ;)

> --
> Sent from my iPhone
> Skype:eslerjoel
>
> On Jan 14, 2011, at 6:12 PM, waldo kitty<wkitty42 () windstream net>  wrote:
>
> > first off, my apologies if the threading is broken with this post... i think i may have replied to it incorrectly 
> > but here's the information i have at hand anyway ;)
> >
> >
> > On 1/14/2011 11:23, Joel Esler wrote:
> > > Waldo,
> > >
> > > If you run into these, please let VRT know.
> >
> > do you have an address for them, joel? i believe i've written to them before but i can't recall right now and i 
> > don't have anything showing up for sourcefire or vrt in my addressbooks...
> >
> > > But that stuff should be fixed now.
> >
> > i understand... however...
> >
> > botnet-cnc.rules      24132    Dec 19, 04:45
> > exploit.rules         137056    Jan  9, 04:44
> > oracle.rules         206877    Dec  5, 04:45
> > policy.rules          38877    Jan  9, 04:44
> > rpc.rules          90160    Nov 28, 04:45
> > scada.rules          20872    Nov 28, 04:45
> > specific-threats.rules     267674    Jan  9, 04:44
> > telnet.rules           8381    Nov 28, 04:45
> > voip.rules          26609    Nov 28, 04:45
> > web-activex.rules    1953263    Jan  2, 04:43
> > web-misc.rules         178075    Dec 26, 04:45
> >
> > all of the above have rules lines (some are disabled) above the header boilerplate and one of them, 
> > web-activex.rules, doesn't have any boilerplate in it at all...
> >
> > FWIW: the time/date stamps on the above are likely not accurate as my system does modify some of the files via 
> > oinkmaster when the rules sets are downloaded and merged together...
> >
> > hope this helps ;)
> >
> > > J
> > >
> > > On Jan 14, 2011, at 10:46 AM, waldo kitty wrote:
> > >
> > > > On 1/13/2011 22:29, ccie 6862 wrote:
> > > > > I've looked at the various rule files, and some have a date stamp, while others don't. Even though the rpc.rules 
> > > > > file is updated (AFAIK), the version shows the following:
> > > > >
> > > > > # $Id: rpc.rules,v 1.107.2.11 2010/10/26 16:30:34 vrtbuild Exp $
> > > > >
> > > > > This is the same for the various rule files where the date stamp is several months out. We get the email every 
> > > > > night, but there is always a question in the back of our minds if things are current.
> > > > >
> > > > > What are other people doing?
> > > >
> > > > make sure that you are looking all the way thru the files... some of them got
> > > > farkled a few months back and the new data (rules lines) are/were being tacked
> > > > on to the head of the file instead of the tail below the header... there are a
> > > > few that are still messed up IIRC from the last time i went wading...


------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users