Re: Issue with shared object rules [solved]

[Joel Esler <jesler () sourcefire com>]

Right now, when a new version of Snort is released, non-subscriber users essentially can't use Shared object rules for 
thirty days. We are going steps to fix this. 


--
Joel Esler
Sent from my iPad

On Aug 30, 2013, at 2:14 PM, Anshuman Anil Deshmukh <anshuman () cybage com> wrote:

> [Adding solved tag]
>
> Hi Joel,
>
> Thanks for your help. Just to share some more information on this.
>
> I had downloaded snort version 2.9.5 along with below snortrules-snapshot files which were available at the time of 
> the download with Snort package version 2.9.5. There were no other rule files available for download.
>
> snortrules-snapshot-2931.tar.gz
> snortrules-snapshot-2941.tar.gz
> snortrules-snapshot-2945.tar.gz
> snortrules-snapshot-2946.tar.gz
>
> Initially I had tried using the snortrules version 2946 as it was the only closest match for my version. With this 
> file I was trying to create stub files from the so_rules, but it didn’t worked. Hence only for that reason I had 
> tried to create stub files from the other versions.
>
> I had pointed the same thing in my initial e-mail. I was basically looking for the snortrules-snapshot file relevant 
> to my version which was 2.9.5 which was not available on snort.org when I had downloaded the snort package
>
> Today after I have seen your mail I just checked the snort.org and what a surprise! I was able to see snortrules file 
> specific to version 2.9.5. Today I downloaded this file and my issue got resolved.
>
> One basic question that comes in my mind is why the snortrules-snapshot file specific to version 2.9.5 was not 
> available when snort package 2.9.5. was made available for download. This would really be helpful for new users 
> downloading the snort. I had put more than 2 weeks to figure out what was the problem.
>
> Thanks.
>
> Regards,
> Anshuman
>
> From: Joel Esler [mailto:jesler () sourcefire com]
> Sent: Friday, August 30, 2013 2:42 AM
> To: Anshuman Anil Deshmukh
> Cc: snort-users@
> Subject: Re: [Snort-users] Issue with shared object rules
>
> You are using the wrong version of the rules with your version of Snort.  That is the answer.  They must match.  
> Delete the ones you have, replace them with the correct version.
> Make sure Snort is reading the correct directory.
>
> On Aug 29, 2013, at 3:14 PM, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote:
>
>
>
> Hi,
>
> Waiting for a satisfactory reply. I already sent the error.
>
>
> Regards,
> Anshuman Anil Deshmukh // Information Security-Analyst
> Phone: 91-20-66041700, 91-20-66044700 (Extn. 6114)
> Cell: 91-99230-51641
>
> From: Anshuman Anil Deshmukh
> Sent: Thursday, August 29, 2013 12:38 AM
> To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
> Subject: Re: [Snort-users] Issue with shared object rules
>
> Hi,
>
> Error is same what other users have mentioned in the link specified in my initial mail.
>
> I get the following error upon trying to use the precompiled shared libs from either of CentOS-5.4. As said earlier I 
> tried all other versions of SO rules.
>
> Error is-
> "The dynamic detection library "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with dynamic 
> engine library version 1.17 isn't compatible with the current dynamic engine library.
>
> Regards,
> Anshuman Deshmukh
> Sent from Google phone
>
> Joel Esler <jesler () sourcefire com<mailto:jesler () sourcefire com>> wrote:
>
> It helps us tremendously if you paste the error you are getting.
>
> https://github.com/vrtadmin/snort-faq/blob/master/Lists/How-do-I-submit-a-good-question.md
>
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
> On Aug 28, 2013, at 1:30 PM, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote:
>
>
>
>
> Hi,
>
> I tried using SO rules for my version. Even they don't work. I am on Snort version 2.9.5. Even I tried to use the SO 
> rules from all other versions. Outcome is same.
>
> Could you please divert me to the correct file which can be used?
>
> Thanks.
>
>
>
>
>
> Regards,
> Anshuman Deshmukh
> Sent from Google phone
>
> JJ Cummings <cummingsj () gmail com<mailto:cummingsj () gmail com>> wrote:
>
> You are using different versions... The version of SO rules that shop in the rule pack are designated for _that_ 
> version of snort only...
>
> Sent from the iRoad
>
> On Aug 28, 2013, at 7:25, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote:
>   With reference to the discussion for thread http://seclists.org/snort/2013/q3/36 I was trying to get so_rules 
> worked for the Snort version 2.9.5 (x86_64). I am facing the same issue – “…. isn't compatible with the current 
> dynamic engine library”.
>
>   The link http://www.snort.org/dl/snort-current/snort-2.9.4.6.tar.gz provided in this discussion thread doesn’t have 
> any so_rules in it.
>
>   Can anybody in this thread let me know if they were able to resolve the problem of creating stub files on Cent OS 
> 6.4 x86_64? A step-by-step procedure to would help.
>
>   Thanks.
>
>   -Anshuman
>
>
>   "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private 
> Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to 
> be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents 
> of this message is strictly prohibited. If you have received this electronic message in error please notify the 
> sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable 
> precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as 
> a result of any malicious content in this e-mail. You should carry out your own malicious content checks before 
> opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/>
>   ------------------------------------------------------------------------------
>   Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>   Discover the easy way to master current and previous Microsoft technologies
>   and advance your career. Get an incredible 1,500+ hours of step-by-step
>   tutorial videos with LearnDevNow. Subscribe today and save!
>   http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>   _______________________________________________
>   Snort-users mailing list
>   Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
>   Go to this URL to change user options or unsubscribe:
>   https://lists.sourceforge.net/lists/listinfo/snort-users
>   Snort-users list archive:
>   http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>   Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
>
>
>   "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private 
> Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to 
> be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents 
> of this message is strictly prohibited. If you have received this electronic message in error please notify the 
> sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable 
> precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as 
> a result of any malicious content in this e-mail. You should carry out your own malicious content checks before 
> opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/>
>   ------------------------------------------------------------------------------
>   Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>   Discover the easy way to master current and previous Microsoft technologies
>   and advance your career. Get an incredible 1,500+ hours of step-by-step
>   tutorial videos with LearnDevNow. Subscribe today and save!
>   
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk_______________________________________________
>   Snort-users mailing list
>   Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
>   Go to this URL to change user options or unsubscribe:
>   https://lists.sourceforge.net/lists/listinfo/snort-users
>   Snort-users list archive:
>   http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>   Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
>
>
>
>   "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private 
> Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to 
> be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents 
> of this message is strictly prohibited. If you have received this electronic message in error please notify the 
> sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable 
> precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as 
> a result of any malicious content in this e-mail. You should carry out your own malicious content checks before 
> opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/>
>   ------------------------------------------------------------------------------
>   Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>   Discover the easy way to master current and previous Microsoft technologies
>   and advance your career. Get an incredible 1,500+ hours of step-by-step
>   tutorial videos with LearnDevNow. Subscribe today and save!
>   
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk_______________________________________________
>   Snort-users mailing list
>   Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
>   Go to this URL to change user options or unsubscribe:
>   https://lists.sourceforge.net/lists/listinfo/snort-users
>   Snort-users list archive:
>   http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>   Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited 
> which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for 
> the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of 
> this message is strictly prohibited. If you have received this electronic message in error please notify the sender 
> by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to 
> minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of 
> any malicious content in this e-mail. You should carry out your own malicious content checks before opening the 
> e-mail or attachment." 
> www.cybage.com
>
>
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!