[Snort-sigs] snort-rules STABLE update @ Tue Oct 21 02:15:23 2003

Andreas Östling andreaso at ...58...
Sat Oct 25 08:14:38 EDT 2003

On Sat, 25 Oct 2003, Hugo van der Kooij wrote:

> Checked the rule files to make sure but somehow these updates did not make
> it. The last updates were 20031009 on web-misc.rules
> If I download the file manually the file seems to be correct. At least all
> rule files are now dated 20031025

The timestamps on the files are not relevant in this case as they does not
say whether or not the content has changed. Oinkmaster compares each file
and does nothing unless the content diffs.

My spontaneous theory is that this happened:

1. You updated the rules
2. Tarball was modified (broken)
3. Tarball was quickly fixed
4. You updated rules again and oinkmaster correctly determined that it had
   not changed since last update

The snortrules-stable tarball on www.snort.org was accidentally updated
with stuff that only worked with snort-current (like pcre rules as
recently discussed here). These seems to be the changes you're referring
to. However, these changes were quickly backed out:

I'm not sure if the changes that were backed out made the tarball
identical to what it looked like before (it seems to be so, but cvs
history can answer that). This would explain why you never saw these
updates. This is just my theory so please let me know if I'm wrong.


More information about the Snort-sigs mailing list