[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-04-26
research at ...435...
Mon Apr 26 12:27:38 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Snort Rules Update
This release contains support for Snort 220.127.116.11. Additionally, new
packages have been added that contain 4 digit versioning.
New package names:
The packages have been updated with support for Snort 18.104.22.168.
Additionally, a number of improvements have been made to the packages
help clarify which packages to use with your specific snort version.
New package names:
The Old Package names are still available but they are now symlinked to
the new package names. The symlinks will exist for the next 30 days.
1. snortrules-snapshot-2853_s.tar.gz ->
2. snortrules-snapshot-2853_s.tar.gz ->
* IMPORTANT *
The above is not a typo. The 2853 is symlinked to CURRENT and 2.8
this is intentional, as to not break auto downloaders that define
There are no new symlinks for registered users as the new packages
be available to registered users for 30 days.
Additional Package Updates.
1. Packages are now locked to the version of snort they support. This
includes sub directories in the packages. For examples the 2853
packages now only contain SO rules for 22.214.171.124.
2. Snort.conf in etc/ directory has been updated to support additional
features in 126.96.36.199 and 188.8.131.52.
3. Preprocessor Rules are now contained in the package.
4. For 184.108.40.206 Sensitive data rules are contained in the package.
Not running 220.127.116.11 and downloading CURRENT / 2.8 / 2853 packages ?:
1. You will need to modify oinkmaster, pulled pork, or whatever update
system you are using to remove 18.104.22.168 version specific rule keywords
snort will fail to load.
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-sigs