[Snort-sigs] Re: snortrules-current not updated since 22 - July

Matt Kettler mkettler at ...189...
Mon Aug 12 16:24:02 EDT 2002

At 09:17 PM 8/11/2002 -0400, Brian wrote:
>According to Jason Haar:
> > No - there is a problem.
> >
> > If you dig down through the Web pages, you are told the rules are:
> >
> > http://www.snort.org/dl/signatures/snortrules.tar.gz
> >
> > However, this file is OLD - May 14th by the looks of it.
> >
> > If you download:
> >
> > http://www.snort.org/dl/snortrules.tar.gz
> >
> > Then you get the new rules.
> >
>the two files you listed are the same file.  Symlinks are your friend.

Agreed, the files are definitely the same. I downloaded both URLs 
(prepending sigs_ to the one from the signatures subdir) and they have 
identical MD5sums:

a71818074ec361458540b668dc24b909 *sigs_snortrules.tar.gz.tar
a71818074ec361458540b668dc24b909 *snortrules.tar.gz.tar

going to http://www.snort.org/dl/signatures/ lists the last modified date 
as Mon Aug 12 18:40:24 2002 EDT for snortrules.tar.gz.
I tried wget -nDV and that indicates:   Last-Modified: Mon, 12 Aug 2002 
22:40:24 GMT

I'm not quite sure how Jason derived that 
http://www.snort.org/dl/signatures/snortrules.tar.gz is modded in May. 
Excessive browser caching of some sort? Or does he have access to the 
website's filesystem and is being confused by ls (which will list the 
symlink's mod time, not the target file's mod time)?

More information about the Snort-sigs mailing list