[Snort-users] PulledPork not processing

Joel Esler jesler at ...1935...
Sun Feb 10 10:38:33 EST 2013


Wow.  That's pretty slow.  On Unix it takes about 10 seconds give or take.
 But no, Pulledpork is sell contained except for a few libraries and is
meant to be that way.


On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels at ...9077...>wrote:

> Problem solved. It appears that some of the Perl packages were corrupted.*
> ***
>
> ** **
>
> However; Does anyone have a work around for the installation of the
> Signatures. I don’t know about UNIX, but  on Windows it takes at least 30
> minutes for Perl to extract.****
>
> ** **
>
> Is it possible for the pulledpork.pl file to extract with a native OS
> extraction tool?****
>
> ** **
>
> Best regards,****
>
> Michael...****
>
> ** **
>
> *From:* Michael Steele [mailto:michaels at ...9077...]
> *Sent:* Saturday, February 09, 2013 1:49 PM
> *To:* snort-users at lists.sourceforge.net
> *Subject:* [Snort-users] PulledPork not processing****
>
> ** **
>
> This is the latest pull from the SVN.****
>
> ** **
>
> It appears PulledPork is trying to process the rules twice. In the temp
> folder I’m only getting a partial transfer of the rules and the MD5 file.
> ****
>
> ** **
>
> ** **
>
> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c
> d:\winids\pulledpork\etc\pulledpork.conf -vv -T****
>
> ** **
>
>     http://code.google.com/p/pulledpork/****
>
>       _____ ____****
>
>      `----,\    )****
>
>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~****
>
>        `--==\\/****
>
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings****
>
>   @_/        /  66\_  cummingsj at ...11827...****
>
>     |    \   \   _(")****
>
>      \   /-| ||'--'  Rules give me wings!****
>
>       \_\  \_\\****
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>
> ** **
>
> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf****
>
>         snort_path = /usr/local/bin/snort****
>
>         enablesid = d:\winids\pulledpork\etc\enablesid.conf****
>
>         modifysid = d:\winids\pulledpork\etc\modifysid.conf****
>
>         rule_path = d:\winids\snort\rules\snort.rules****
>
>         ignore = deleted.rules,experimental.rules,local.rules****
>
>         rule_url = ARRAY(0x28e1e24)****
>
>         snort_version = 2.9.4.0****
>
>         sid_msg_version = 1****
>
>         sid_changelog = d:\winids\snort\log\sid_changes.log****
>
>         sid_msg = d:\winids\snort\etc\sid-msg.map****
>
>         docs = d:\winids\Apache24\htdocs\base\signatures\****
>
>         ips_policy = security****
>
>         config_path = /usr/local/etc/snort/snort.conf****
>
>         temp_path = d:\winids\pulledpork\temp****
>
>         distro = FreeBSD-8.1****
>
>         version = 0.6.1****
>
>         sorule_path = /usr/local/lib/snort_dynamicrules/****
>
>         disablesid = d:\winids\pulledpork\etc\disablesid.conf****
>
>         dropsid = d:\winids\pulledpork\etc\dropsid.conf****
>
>         local_rules = d:\winids\snort\rules\local.rules****
>
> 'uname' is not recognized as an internal or external command,****
>
> operable program or batch file.****
>
> MISC (CLI and Autovar) Variable Debug:****
>
>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf****
>
>         Distro Def is: FreeBSD-8.1****
>
>         Docs Reference Location is:
> d:\winids\Apache24\htdocs\base\signatures\****
>
>         security policy specified****
>
>         local.rules path is: d:\winids\snort\rules\local.rules****
>
>         Rules file is: d:\winids\snort\rules\snort.rules****
>
>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf*
> ***
>
>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf****
>
>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf***
> *
>
>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf***
> *
>
>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
> ****
>
>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map****
>
>         Snort Version is: 2.9.4.0****
>
>         Snort Config File: /usr/local/etc/snort/snort.conf****
>
>         Snort Path is: /usr/local/bin/snort****
>
>         Text Rules only Flag is Set****
>
>         Extra Verbose Flag is Set****
>
>         Verbose Flag is Set****
>
>         Base URL is:
> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
> https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5
> ****
>
> 775ba98cf****
>
> Checking latest MD5 for snortrules-snapshot-2940.tar.gz....****
>
>         Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5****
>
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf==> 200 OK (3s)
> ****
>
>         most recent rules file digest: ae46740e802f023be681d932ef71f407***
> *
>
> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>
>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found (1s)
> ****
>
> ** GET
> https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D==>
> ****
>
> 200 OK (1s)****
>
>         storing file at:
> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz****
>
> ** **
>
>         current local rules file  digest: eed12b6d1e99dd34dda723167ab18f8c
> ****
>
>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the
> latest digest... so I am gonna fetch the latest rules file!****
>
> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>
>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found
> ****
>
> ** GET
> https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D==>   0
> ****
>
> 200 OK****
>
>         storing file at:
> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz****
>
> ** **
>
>         current local rules file  digest: 6fb296525f90c700ff356264397e7977
> ****
>
>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the
> latest digest... so I am gonna fetch the latest rules file!****
>
> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>
>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 403 Forbidden (1s)
> ****
>
>         A 403 error occurred, please wait for the 15 minute timeout****
>
>         to expire before trying again or specify the -n runtime switch****
>
>         You may also wish to verfiy your oinkcode, tarball name, and other
> configuration options****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> I can drop the rules, and open source file into the empty temp folder and
> try to process offline but I’m getting:****
>
> ** **
>
> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c
> d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T****
>
> ** **
>
>     http://code.google.com/p/pulledpork/****
>
>       _____ ____****
>
>      `----,\    )****
>
>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~****
>
>        `--==\\/****
>
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings****
>
>   @_/        /  66\_  cummingsj at ...11827...****
>
>     |    \   \   _(")****
>
>      \   /-| ||'--'  Rules give me wings!****
>
>       \_\  \_\\****
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>
> ** **
>
> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf****
>
>         snort_path = /usr/local/bin/snort****
>
>         enablesid = d:\winids\pulledpork\etc\enablesid.conf****
>
>         modifysid = d:\winids\pulledpork\etc\modifysid.conf****
>
>         rule_path = d:\winids\snort\rules\snort.rules****
>
>         ignore = deleted.rules,experimental.rules,local.rules****
>
>         rule_url = ARRAY(0x285929c)****
>
>         snort_version = 2.9.4.0****
>
>         sid_msg_version = 1****
>
>         sid_changelog = d:\winids\snort\log\sid_changes.log****
>
>         sid_msg = d:\winids\snort\etc\sid-msg.map****
>
>         docs = d:\winids\Apache24\htdocs\base\signatures\****
>
>         ips_policy = security****
>
>         config_path = /usr/local/etc/snort/snort.conf****
>
>         temp_path = d:\winids\pulledpork\temp****
>
>         distro = FreeBSD-8.1****
>
>         version = 0.6.1****
>
>         sorule_path = /usr/local/lib/snort_dynamicrules/****
>
>         disablesid = d:\winids\pulledpork\etc\disablesid.conf****
>
>         dropsid = d:\winids\pulledpork\etc\dropsid.conf****
>
>         local_rules = d:\winids\snort\rules\local.rules****
>
> 'uname' is not recognized as an internal or external command,****
>
> operable program or batch file.****
>
> MISC (CLI and Autovar) Variable Debug:****
>
>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf****
>
>         Distro Def is: FreeBSD-8.1****
>
>         Docs Reference Location is:
> d:\winids\Apache24\htdocs\base\signatures\****
>
>         security policy specified****
>
>         local.rules path is: d:\winids\snort\rules\local.rules****
>
>         No Download Flag is Set****
>
>         Rules file is: d:\winids\snort\rules\snort.rules****
>
>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf*
> ***
>
>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf****
>
>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf***
> *
>
>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf***
> *
>
>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
> ****
>
>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map****
>
>         Snort Version is: 2.9.4.0****
>
>         Snort Config File: /usr/local/etc/snort/snort.conf****
>
>         Snort Path is: /usr/local/bin/snort****
>
>         Text Rules only Flag is Set****
>
>         Extra Verbose Flag is Set****
>
>         Verbose Flag is Set****
>
>         Base URL is:
> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
> https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5
> ****
>
> 775ba98cf****
>
> Prepping rules from snortrules-snapshot-2940.tar.gz for work....****
>
>         extracting contents of
> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...****
>
>         Ignoring plaintext rules: deleted.rules****
>
>         Ignoring plaintext rules: experimental.rules****
>
>         Ignoring plaintext rules: local.rules****
>
>         Extracted: /tha_rules/VRT-server-other.rules****
>
>         Extracted: /tha_rules/VRT-pua-adware.rules****
>
>         Extracted: /tha_rules/VRT-misc.rules****
>
>         Extracted: /tha_rules/VRT-malware-backdoor.rules****
>
>         Extracted: /tha_rules/VRT-indicator-compromise.rules****
>
>         Extracted: /tha_rules/VRT-file-pdf.rules****
>
>         Extracted: /tha_rules/VRT-content-replace.rules****
>
>         Extracted: /tha_rules/VRT-file-identify.rules****
>
>         Extracted: /tha_rules/VRT-browser-webkit.rules****
>
>         Extracted: /tha_rules/VRT-specific-threats.rules****
>
>         Extracted: /tha_rules/VRT-file-office.rules****
>
>         Extracted: /tha_rules/VRT-rpc.rules****
>
>         Extracted: /tha_rules/VRT-dns.rules****
>
>         Extracted: /tha_rules/VRT-os-other.rules****
>
>         Extracted: /tha_rules/VRT-snmp.rules****
>
>         Extracted: /tha_rules/VRT-policy-other.rules****
>
>         Extracted: /tha_rules/VRT-web-coldfusion.rules****
>
>         Extracted: /tha_rules/VRT-protocol-voip.rules****
>
>         Extracted: /tha_rules/VRT-file-image.rules****
>
>         Extracted: /tha_rules/VRT-chat.rules****
>
>         Extracted: /tha_rules/VRT-voip.rules****
>
>         Extracted: /tha_rules/VRT-os-solaris.rules****
>
>         Extracted: /tha_rules/VRT-pop3.rules****
>
>         Extracted: /tha_rules/VRT-server-mssql.rules****
>
>         Extracted: /tha_rules/VRT-preprocessor.rules****
>
>         Extracted: /tha_rules/VRT-policy-social.rules****
>
>         Extracted: /tha_rules/VRT-protocol-ftp.rules****
>
>         Extracted: /tha_rules/VRT-server-webapp.rules****
>
>         Extracted: /tha_rules/VRT-server-oracle.rules****
>
>         Extracted: /tha_rules/VRT-scada.rules****
>
>         Extracted: /tha_rules/VRT-other-ids.rules****
>
>         Extracted: /tha_rules/VRT-server-apache.rules****
>
>         Extracted: /tha_rules/VRT-sql.rules****
>
>         Extracted: /tha_rules/VRT-icmp.rules****
>
>         Extracted: /tha_rules/VRT-file-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-pua-p2p.rules****
>
>         Extracted: /tha_rules/VRT-info.rules****
>
>         Extracted: /tha_rules/VRT-pua-other.rules****
>
>         Extracted: /tha_rules/VRT-server-mail.rules****
>
>         Extracted: /tha_rules/VRT-netbios.rules****
>
>         Extracted: /tha_rules/VRT-smtp.rules****
>
>         Extracted: /tha_rules/VRT-protocol-icmp.rules****
>
>         Extracted: /tha_rules/VRT-sensitive-data.rules****
>
>         Extracted: /tha_rules/VRT-indicator-shellcode.rules****
>
>         Extracted: /tha_rules/VRT-web-iis.rules****
>
>         Extracted: /tha_rules/VRT-protocol-finger.rules****
>
>         Extracted: /tha_rules/VRT-botnet-cnc.rules****
>
>         Extracted: /tha_rules/VRT-pua-toolbars.rules****
>
>         Extracted: /tha_rules/VRT-mysql.rules****
>
>         Extracted: /tha_rules/VRT-virus.rules****
>
>         Extracted: /tha_rules/VRT-protocol-imap.rules****
>
>         Extracted: /tha_rules/VRT-malware-cnc.rules****
>
>         Extracted: /tha_rules/VRT-web-misc.rules****
>
>         Extracted: /tha_rules/VRT-tftp.rules****
>
>         Extracted: /tha_rules/VRT-blacklist.rules****
>
>         Extracted: /tha_rules/VRT-shellcode.rules****
>
>         Extracted: /tha_rules/VRT-spyware-put.rules****
>
>         Extracted: /tha_rules/VRT-exploit.rules****
>
>         Extracted: /tha_rules/VRT-protocol-services.rules****
>
>         Extracted: /tha_rules/VRT-browser-ie.rules****
>
>         Extracted: /tha_rules/VRT-os-windows.rules****
>
>         Extracted: /tha_rules/VRT-ddos.rules****
>
>         Extracted: /tha_rules/VRT-attack-responses.rules****
>
>         Extracted: /tha_rules/VRT-browser-firefox.rules****
>
>         Extracted: /tha_rules/VRT-browser-chrome.rules****
>
>         Extracted: /tha_rules/VRT-telnet.rules****
>
>         Extracted: /tha_rules/VRT-browser-other.rules****
>
>         Extracted: /tha_rules/VRT-icmp-info.rules****
>
>         Extracted: /tha_rules/VRT-os-linux.rules****
>
>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules****
>
>         Extracted: /tha_rules/VRT-policy-spam.rules****
>
>         Extracted: /tha_rules/VRT-malware-tools.rules****
>
>         Extracted: /tha_rules/VRT-x11.rules****
>
>         Extracted: /tha_rules/VRT-p2p.rules****
>
>         Extracted: /tha_rules/VRT-scan.rules****
>
>         Extracted: /tha_rules/VRT-ftp.rules****
>
>         Extracted: /tha_rules/VRT-malware-other.rules****
>
>         Extracted: /tha_rules/VRT-web-php.rules****
>
>         Extracted: /tha_rules/VRT-web-activex.rules****
>
>         Extracted: /tha_rules/VRT-decoder.rules****
>
>         Extracted: /tha_rules/VRT-web-frontpage.rules****
>
>         Extracted: /tha_rules/VRT-rservices.rules****
>
>         Extracted: /tha_rules/VRT-file-executable.rules****
>
>         Extracted: /tha_rules/VRT-file-other.rules****
>
>         Extracted: /tha_rules/VRT-backdoor.rules****
>
>         Extracted: /tha_rules/VRT-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-web-client.rules****
>
>         Extracted: /tha_rules/VRT-exploit-kit.rules****
>
>         Extracted: /tha_rules/VRT-protocol-pop.rules****
>
>         Extracted: /tha_rules/VRT-browser-plugins.rules****
>
>         Extracted: /tha_rules/VRT-policy.rules****
>
>         Extracted: /tha_rules/VRT-web-attacks.rules****
>
>         Extracted: /tha_rules/VRT-imap.rules****
>
>         Extracted: /tha_rules/VRT-file-flash.rules****
>
>         Extracted: /tha_rules/VRT-nntp.rules****
>
>         Extracted: /tha_rules/VRT-dos.rules****
>
>         Extracted: /tha_rules/VRT-finger.rules****
>
>         Extracted: /tha_rules/VRT-phishing-spam.rules****
>
> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at
> d:\winids\pulledpork\pulledpork.pl line 293.****
>
> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at
> d:\winids\pulledpork\pulledpork.pl line 293.****
>
>         Extracted:
> d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt****
>
>         Extracted: /tha_rules/VRT-server-mysql.rules****
>
>         Extracted: /tha_rules/VRT-oracle.rules****
>
>         Extracted: /tha_rules/VRT-server-iis.rules****
>
>         Extracted: /tha_rules/VRT-app-detect.rules****
>
>         Extracted: /tha_rules/VRT-policy-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-pop2.rules****
>
>         Extracted: /tha_rules/VRT-bad-traffic.rules****
>
>         Extracted: /tha_rules/VRT-web-cgi.rules****
>
> Prepping rules from snortrules-snapshot-2940.tar.gz for work....****
>
>         extracting contents of
> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...****
>
>         Ignoring plaintext rules: deleted.rules****
>
>         Ignoring plaintext rules: experimental.rules****
>
>         Ignoring plaintext rules: local.rules****
>
>         Extracted: /tha_rules/VRT-server-other.rules****
>
>         Extracted: /tha_rules/VRT-pua-adware.rules****
>
>         Extracted: /tha_rules/VRT-misc.rules****
>
>         Extracted: /tha_rules/VRT-malware-backdoor.rules****
>
>         Extracted: /tha_rules/VRT-indicator-compromise.rules****
>
>         Extracted: /tha_rules/VRT-file-pdf.rules****
>
>         Extracted: /tha_rules/VRT-content-replace.rules****
>
>         Extracted: /tha_rules/VRT-file-identify.rules****
>
>         Extracted: /tha_rules/VRT-browser-webkit.rules****
>
>         Extracted: /tha_rules/VRT-specific-threats.rules****
>
>         Extracted: /tha_rules/VRT-file-office.rules****
>
>         Extracted: /tha_rules/VRT-rpc.rules****
>
>         Extracted: /tha_rules/VRT-dns.rules****
>
>         Extracted: /tha_rules/VRT-os-other.rules****
>
>         Extracted: /tha_rules/VRT-snmp.rules****
>
>         Extracted: /tha_rules/VRT-policy-other.rules****
>
>         Extracted: /tha_rules/VRT-web-coldfusion.rules****
>
>         Extracted: /tha_rules/VRT-protocol-voip.rules****
>
>         Extracted: /tha_rules/VRT-file-image.rules****
>
>         Extracted: /tha_rules/VRT-chat.rules****
>
>         Extracted: /tha_rules/VRT-voip.rules****
>
>         Extracted: /tha_rules/VRT-os-solaris.rules****
>
>         Extracted: /tha_rules/VRT-server-mssql.rules****
>
>         Extracted: /tha_rules/VRT-pop3.rules****
>
>         Extracted: /tha_rules/VRT-preprocessor.rules****
>
>         Extracted: /tha_rules/VRT-policy-social.rules****
>
>         Extracted: /tha_rules/VRT-protocol-ftp.rules****
>
>         Extracted: /tha_rules/VRT-server-webapp.rules****
>
>         Extracted: /tha_rules/VRT-server-oracle.rules****
>
>         Extracted: /tha_rules/VRT-scada.rules****
>
>         Extracted: /tha_rules/VRT-other-ids.rules****
>
>         Extracted: /tha_rules/VRT-server-apache.rules****
>
>         Extracted: /tha_rules/VRT-sql.rules****
>
>         Extracted: /tha_rules/VRT-icmp.rules****
>
>         Extracted: /tha_rules/VRT-file-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-pua-p2p.rules****
>
>         Extracted: /tha_rules/VRT-info.rules****
>
>         Extracted: /tha_rules/VRT-pua-other.rules****
>
>         Extracted: /tha_rules/VRT-server-mail.rules****
>
>         Extracted: /tha_rules/VRT-netbios.rules****
>
>         Extracted: /tha_rules/VRT-smtp.rules****
>
>         Extracted: /tha_rules/VRT-protocol-icmp.rules****
>
>         Extracted: /tha_rules/VRT-sensitive-data.rules****
>
>         Extracted: /tha_rules/VRT-indicator-shellcode.rules****
>
>         Extracted: /tha_rules/VRT-web-iis.rules****
>
>         Extracted: /tha_rules/VRT-protocol-finger.rules****
>
>         Extracted: /tha_rules/VRT-botnet-cnc.rules****
>
>         Extracted: /tha_rules/VRT-pua-toolbars.rules****
>
>         Extracted: /tha_rules/VRT-mysql.rules****
>
>         Extracted: /tha_rules/VRT-virus.rules****
>
>         Extracted: /tha_rules/VRT-protocol-imap.rules****
>
>         Extracted: /tha_rules/VRT-malware-cnc.rules****
>
>         Extracted: /tha_rules/VRT-web-misc.rules****
>
>         Extracted: /tha_rules/VRT-tftp.rules****
>
>         Extracted: /tha_rules/VRT-shellcode.rules****
>
>         Extracted: /tha_rules/VRT-blacklist.rules****
>
>         Extracted: /tha_rules/VRT-spyware-put.rules****
>
>         Extracted: /tha_rules/VRT-exploit.rules****
>
>         Extracted: /tha_rules/VRT-protocol-services.rules****
>
>         Extracted: /tha_rules/VRT-browser-ie.rules****
>
>         Extracted: /tha_rules/VRT-os-windows.rules****
>
>         Extracted: /tha_rules/VRT-ddos.rules****
>
>         Extracted: /tha_rules/VRT-attack-responses.rules****
>
>         Extracted: /tha_rules/VRT-browser-firefox.rules****
>
>         Extracted: /tha_rules/VRT-browser-chrome.rules****
>
>         Extracted: /tha_rules/VRT-telnet.rules****
>
>         Extracted: /tha_rules/VRT-browser-other.rules****
>
>         Extracted: /tha_rules/VRT-icmp-info.rules****
>
>         Extracted: /tha_rules/VRT-os-linux.rules****
>
>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules****
>
>         Extracted: /tha_rules/VRT-policy-spam.rules****
>
>         Extracted: /tha_rules/VRT-malware-tools.rules****
>
>         Extracted: /tha_rules/VRT-x11.rules****
>
>         Extracted: /tha_rules/VRT-p2p.rules****
>
>         Extracted: /tha_rules/VRT-scan.rules****
>
>         Extracted: /tha_rules/VRT-ftp.rules****
>
>         Extracted: /tha_rules/VRT-malware-other.rules****
>
>         Extracted: /tha_rules/VRT-web-php.rules****
>
>         Extracted: /tha_rules/VRT-web-activex.rules****
>
>         Extracted: /tha_rules/VRT-decoder.rules****
>
>         Extracted: /tha_rules/VRT-web-frontpage.rules****
>
>         Extracted: /tha_rules/VRT-rservices.rules****
>
>         Extracted: /tha_rules/VRT-file-executable.rules****
>
>         Extracted: /tha_rules/VRT-file-other.rules****
>
>         Extracted: /tha_rules/VRT-backdoor.rules****
>
>         Extracted: /tha_rules/VRT-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-web-client.rules****
>
>         Extracted: /tha_rules/VRT-exploit-kit.rules****
>
>         Extracted: /tha_rules/VRT-protocol-pop.rules****
>
>         Extracted: /tha_rules/VRT-browser-plugins.rules****
>
>         Extracted: /tha_rules/VRT-policy.rules****
>
>         Extracted: /tha_rules/VRT-web-attacks.rules****
>
>         Extracted: /tha_rules/VRT-imap.rules****
>
>         Extracted: /tha_rules/VRT-file-flash.rules****
>
>         Extracted: /tha_rules/VRT-nntp.rules****
>
>         Extracted: /tha_rules/VRT-dos.rules****
>
>         Extracted: /tha_rules/VRT-finger.rules****
>
>         Extracted: /tha_rules/VRT-phishing-spam.rules****
>
> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at
> d:\winids\pulledpork\pulledpork.pl line 293.****
>
> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at
> d:\winids\pulledpork\pulledpork.pl line 293.****
>
>         Extracted:
> d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt****
>
>         Extracted: /tha_rules/VRT-server-mysql.rules****
>
>         Extracted: /tha_rules/VRT-oracle.rules****
>
>         Extracted: /tha_rules/VRT-server-iis.rules****
>
>         Extracted: /tha_rules/VRT-app-detect.rules****
>
>         Extracted: /tha_rules/VRT-policy-multimedia.rules****
>
>         Extracted: /tha_rules/VRT-pop2.rules****
>
>         Extracted: /tha_rules/VRT-bad-traffic.rules****
>
>         Extracted: /tha_rules/VRT-web-cgi.rules****
>
> Cleanup....****
>
>         removed 108 temporary snort files or directories from
> d:\winids\pulledpork\temp/tha_rules!****
>
> Fly Piggy Fly!****
>
> ** **
>
> Best regards,****
>
> Michael...****
>
> ** **
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130210/85d363f0/attachment.html>


More information about the Snort-users mailing list