[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-04-26

Research research at ...435...
Mon Apr 26 12:27:38 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release contains support for Snort 2.8.6.0.  Additionally, new
packages have been added that contain 4 digit versioning.

New package names:
1. snortrules-snapshot-2853_s.tar.gz
2. snortrules-snapshot-2860_s.tar.gz

Details:
The packages have been updated with support for Snort 2.8.6.0.
Additionally, a number of improvements have been made to the packages
to
help clarify which packages to use with your specific snort version.

New package names:
1. snortrules-snapshot-2853_s.tar.gz
2. snortrules-snapshot-2860_s.tar.gz

The Old Package names are still available but they are now symlinked to
the new package names.	The symlinks will exist for the next 30 days.

Symlinks Subscriber:
1. snortrules-snapshot-2853_s.tar.gz ->
snortrules-snapshot-CURRENT_s.tar.gz
2. snortrules-snapshot-2853_s.tar.gz ->
snortrules-snapshot-2.8_s.tar.gz

* IMPORTANT *
The above is not a typo. The 2853 is symlinked to CURRENT and 2.8
packages
this is intentional, as to not break auto downloaders that define
CURRENT incorrectly. 

Registered Users:
There are no new symlinks for registered users as the new packages
won't
be available to registered users for 30 days.

Additional Package Updates.

1. Packages are now locked to the version of snort they support.  This
includes sub directories in the packages.  For examples the 2853
packages now only contain SO rules for 2.8.5.3.

2. Snort.conf in etc/ directory has been updated to support additional
features in 2.8.5.3 and 2.8.6.0.  

3. Preprocessor Rules are now contained in the package.

4. For 2.8.6.0 Sensitive data rules are contained in the package.

Not running 2.8.5.3 and downloading CURRENT / 2.8 / 2853 packages ?:

1. You will need to modify oinkmaster, pulled pork, or whatever update
system you are using to remove 2.8.5.3 version specific rule keywords
or
snort will fail to load.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-04-26.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFL1b76QcQOxItLLaMRAq+sAJ9/qu2MSi9GI4QyOK/mXTjl8M1eEgCeKP7K
kS7dMRrLEni+5Zt1I0swp9A=
=6dpf
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list