[Snort-users] PulledPork not processing

Joel Esler jesler at ...1935...
Sun Feb 10 11:20:23 EST 2013


*self contained
—
Joel Esler
Mobile

On Sun, Feb 10, 2013 at 10:38 AM, Joel Esler <jesler at ...1935...>
wrote:

> Wow.  That's pretty slow.  On Unix it takes about 10 seconds give or take.
>  But no, Pulledpork is sell contained except for a few libraries and is
> meant to be that way.
> On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels at ...9077...>wrote:
>> Problem solved. It appears that some of the Perl packages were corrupted.*
>> ***
>>
>> ** **
>>
>> However; Does anyone have a work around for the installation of the
>> Signatures. I don’t know about UNIX, but  on Windows it takes at least 30
>> minutes for Perl to extract.****
>>
>> ** **
>>
>> Is it possible for the pulledpork.pl file to extract with a native OS
>> extraction tool?****
>>
>> ** **
>>
>> Best regards,****
>>
>> Michael...****
>>
>> ** **
>>
>> *From:* Michael Steele [mailto:michaels at ...9077...]
>> *Sent:* Saturday, February 09, 2013 1:49 PM
>> *To:* snort-users at lists.sourceforge.net
>> *Subject:* [Snort-users] PulledPork not processing****
>>
>> ** **
>>
>> This is the latest pull from the SVN.****
>>
>> ** **
>>
>> It appears PulledPork is trying to process the rules twice. In the temp
>> folder I’m only getting a partial transfer of the rules and the MD5 file.
>> ****
>>
>> ** **
>>
>> ** **
>>
>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c
>> d:\winids\pulledpork\etc\pulledpork.conf -vv -T****
>>
>> ** **
>>
>>     http://code.google.com/p/pulledpork/****
>>
>>       _____ ____****
>>
>>      `----,\    )****
>>
>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~****
>>
>>        `--==\\/****
>>
>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings****
>>
>>   @_/        /  66\_  cummingsj at ...11827...****
>>
>>     |    \   \   _(")****
>>
>>      \   /-| ||'--'  Rules give me wings!****
>>
>>       \_\  \_\\****
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>>
>> ** **
>>
>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf****
>>
>>         snort_path = /usr/local/bin/snort****
>>
>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf****
>>
>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf****
>>
>>         rule_path = d:\winids\snort\rules\snort.rules****
>>
>>         ignore = deleted.rules,experimental.rules,local.rules****
>>
>>         rule_url = ARRAY(0x28e1e24)****
>>
>>         snort_version = 2.9.4.0****
>>
>>         sid_msg_version = 1****
>>
>>         sid_changelog = d:\winids\snort\log\sid_changes.log****
>>
>>         sid_msg = d:\winids\snort\etc\sid-msg.map****
>>
>>         docs = d:\winids\Apache24\htdocs\base\signatures\****
>>
>>         ips_policy = security****
>>
>>         config_path = /usr/local/etc/snort/snort.conf****
>>
>>         temp_path = d:\winids\pulledpork\temp****
>>
>>         distro = FreeBSD-8.1****
>>
>>         version = 0.6.1****
>>
>>         sorule_path = /usr/local/lib/snort_dynamicrules/****
>>
>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf****
>>
>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf****
>>
>>         local_rules = d:\winids\snort\rules\local.rules****
>>
>> 'uname' is not recognized as an internal or external command,****
>>
>> operable program or batch file.****
>>
>> MISC (CLI and Autovar) Variable Debug:****
>>
>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf****
>>
>>         Distro Def is: FreeBSD-8.1****
>>
>>         Docs Reference Location is:
>> d:\winids\Apache24\htdocs\base\signatures\****
>>
>>         security policy specified****
>>
>>         local.rules path is: d:\winids\snort\rules\local.rules****
>>
>>         Rules file is: d:\winids\snort\rules\snort.rules****
>>
>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf*
>> ***
>>
>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf****
>>
>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf***
>> *
>>
>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf***
>> *
>>
>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>> ****
>>
>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map****
>>
>>         Snort Version is: 2.9.4.0****
>>
>>         Snort Config File: /usr/local/etc/snort/snort.conf****
>>
>>         Snort Path is: /usr/local/bin/snort****
>>
>>         Text Rules only Flag is Set****
>>
>>         Extra Verbose Flag is Set****
>>
>>         Verbose Flag is Set****
>>
>>         Base URL is:
>> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>> https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5
>> ****
>>
>> 775ba98cf****
>>
>> Checking latest MD5 for snortrules-snapshot-2940.tar.gz....****
>>
>>         Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5****
>>
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf==> 200 OK (3s)
>> ****
>>
>>         most recent rules file digest: ae46740e802f023be681d932ef71f407***
>> *
>>
>> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>>
>>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>>
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found (1s)
>> ****
>>
>> ** GET
>> https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D==>
>> ****
>>
>> 200 OK (1s)****
>>
>>         storing file at:
>> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz****
>>
>> ** **
>>
>>         current local rules file  digest: eed12b6d1e99dd34dda723167ab18f8c
>> ****
>>
>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the
>> latest digest... so I am gonna fetch the latest rules file!****
>>
>> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>>
>>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>>
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found
>> ****
>>
>> ** GET
>> https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D==>   0
>> ****
>>
>> 200 OK****
>>
>>         storing file at:
>> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz****
>>
>> ** **
>>
>>         current local rules file  digest: 6fb296525f90c700ff356264397e7977
>> ****
>>
>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the
>> latest digest... so I am gonna fetch the latest rules file!****
>>
>> Rules tarball download of snortrules-snapshot-2940.tar.gz....****
>>
>>         Fetching rules file: snortrules-snapshot-2940.tar.gz****
>>
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 403 Forbidden (1s)
>> ****
>>
>>         A 403 error occurred, please wait for the 15 minute timeout****
>>
>>         to expire before trying again or specify the -n runtime switch****
>>
>>         You may also wish to verfiy your oinkcode, tarball name, and other
>> configuration options****
>>
>> ** **
>>
>> ** **
>>
>> ** **
>>
>> ** **
>>
>> I can drop the rules, and open source file into the empty temp folder and
>> try to process offline but I’m getting:****
>>
>> ** **
>>
>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c
>> d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T****
>>
>> ** **
>>
>>     http://code.google.com/p/pulledpork/****
>>
>>       _____ ____****
>>
>>      `----,\    )****
>>
>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~****
>>
>>        `--==\\/****
>>
>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings****
>>
>>   @_/        /  66\_  cummingsj at ...11827...****
>>
>>     |    \   \   _(")****
>>
>>      \   /-| ||'--'  Rules give me wings!****
>>
>>       \_\  \_\\****
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~****
>>
>> ** **
>>
>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf****
>>
>>         snort_path = /usr/local/bin/snort****
>>
>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf****
>>
>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf****
>>
>>         rule_path = d:\winids\snort\rules\snort.rules****
>>
>>         ignore = deleted.rules,experimental.rules,local.rules****
>>
>>         rule_url = ARRAY(0x285929c)****
>>
>>         snort_version = 2.9.4.0****
>>
>>         sid_msg_version = 1****
>>
>>         sid_changelog = d:\winids\snort\log\sid_changes.log****
>>
>>         sid_msg = d:\winids\snort\etc\sid-msg.map****
>>
>>         docs = d:\winids\Apache24\htdocs\base\signatures\****
>>
>>         ips_policy = security****
>>
>>         config_path = /usr/local/etc/snort/snort.conf****
>>
>>         temp_path = d:\winids\pulledpork\temp****
>>
>>         distro = FreeBSD-8.1****
>>
>>         version = 0.6.1****
>>
>>         sorule_path = /usr/local/lib/snort_dynamicrules/****
>>
>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf****
>>
>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf****
>>
>>         local_rules = d:\winids\snort\rules\local.rules****
>>
>> 'uname' is not recognized as an internal or external command,****
>>
>> operable program or batch file.****
>>
>> MISC (CLI and Autovar) Variable Debug:****
>>
>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf****
>>
>>         Distro Def is: FreeBSD-8.1****
>>
>>         Docs Reference Location is:
>> d:\winids\Apache24\htdocs\base\signatures\****
>>
>>         security policy specified****
>>
>>         local.rules path is: d:\winids\snort\rules\local.rules****
>>
>>         No Download Flag is Set****
>>
>>         Rules file is: d:\winids\snort\rules\snort.rules****
>>
>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf*
>> ***
>>
>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf****
>>
>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf***
>> *
>>
>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf***
>> *
>>
>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>> ****
>>
>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map****
>>
>>         Snort Version is: 2.9.4.0****
>>
>>         Snort Config File: /usr/local/etc/snort/snort.conf****
>>
>>         Snort Path is: /usr/local/bin/snort****
>>
>>         Text Rules only Flag is Set****
>>
>>         Extra Verbose Flag is Set****
>>
>>         Verbose Flag is Set****
>>
>>         Base URL is:
>> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>> https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5
>> ****
>>
>> 775ba98cf****
>>
>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....****
>>
>>         extracting contents of
>> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...****
>>
>>         Ignoring plaintext rules: deleted.rules****
>>
>>         Ignoring plaintext rules: experimental.rules****
>>
>>         Ignoring plaintext rules: local.rules****
>>
>>         Extracted: /tha_rules/VRT-server-other.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-adware.rules****
>>
>>         Extracted: /tha_rules/VRT-misc.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-backdoor.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-compromise.rules****
>>
>>         Extracted: /tha_rules/VRT-file-pdf.rules****
>>
>>         Extracted: /tha_rules/VRT-content-replace.rules****
>>
>>         Extracted: /tha_rules/VRT-file-identify.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-webkit.rules****
>>
>>         Extracted: /tha_rules/VRT-specific-threats.rules****
>>
>>         Extracted: /tha_rules/VRT-file-office.rules****
>>
>>         Extracted: /tha_rules/VRT-rpc.rules****
>>
>>         Extracted: /tha_rules/VRT-dns.rules****
>>
>>         Extracted: /tha_rules/VRT-os-other.rules****
>>
>>         Extracted: /tha_rules/VRT-snmp.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-other.rules****
>>
>>         Extracted: /tha_rules/VRT-web-coldfusion.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-voip.rules****
>>
>>         Extracted: /tha_rules/VRT-file-image.rules****
>>
>>         Extracted: /tha_rules/VRT-chat.rules****
>>
>>         Extracted: /tha_rules/VRT-voip.rules****
>>
>>         Extracted: /tha_rules/VRT-os-solaris.rules****
>>
>>         Extracted: /tha_rules/VRT-pop3.rules****
>>
>>         Extracted: /tha_rules/VRT-server-mssql.rules****
>>
>>         Extracted: /tha_rules/VRT-preprocessor.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-social.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-ftp.rules****
>>
>>         Extracted: /tha_rules/VRT-server-webapp.rules****
>>
>>         Extracted: /tha_rules/VRT-server-oracle.rules****
>>
>>         Extracted: /tha_rules/VRT-scada.rules****
>>
>>         Extracted: /tha_rules/VRT-other-ids.rules****
>>
>>         Extracted: /tha_rules/VRT-server-apache.rules****
>>
>>         Extracted: /tha_rules/VRT-sql.rules****
>>
>>         Extracted: /tha_rules/VRT-icmp.rules****
>>
>>         Extracted: /tha_rules/VRT-file-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-p2p.rules****
>>
>>         Extracted: /tha_rules/VRT-info.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-other.rules****
>>
>>         Extracted: /tha_rules/VRT-server-mail.rules****
>>
>>         Extracted: /tha_rules/VRT-netbios.rules****
>>
>>         Extracted: /tha_rules/VRT-smtp.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-icmp.rules****
>>
>>         Extracted: /tha_rules/VRT-sensitive-data.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules****
>>
>>         Extracted: /tha_rules/VRT-web-iis.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-finger.rules****
>>
>>         Extracted: /tha_rules/VRT-botnet-cnc.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-toolbars.rules****
>>
>>         Extracted: /tha_rules/VRT-mysql.rules****
>>
>>         Extracted: /tha_rules/VRT-virus.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-imap.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-cnc.rules****
>>
>>         Extracted: /tha_rules/VRT-web-misc.rules****
>>
>>         Extracted: /tha_rules/VRT-tftp.rules****
>>
>>         Extracted: /tha_rules/VRT-blacklist.rules****
>>
>>         Extracted: /tha_rules/VRT-shellcode.rules****
>>
>>         Extracted: /tha_rules/VRT-spyware-put.rules****
>>
>>         Extracted: /tha_rules/VRT-exploit.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-services.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-ie.rules****
>>
>>         Extracted: /tha_rules/VRT-os-windows.rules****
>>
>>         Extracted: /tha_rules/VRT-ddos.rules****
>>
>>         Extracted: /tha_rules/VRT-attack-responses.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-firefox.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-chrome.rules****
>>
>>         Extracted: /tha_rules/VRT-telnet.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-other.rules****
>>
>>         Extracted: /tha_rules/VRT-icmp-info.rules****
>>
>>         Extracted: /tha_rules/VRT-os-linux.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-spam.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-tools.rules****
>>
>>         Extracted: /tha_rules/VRT-x11.rules****
>>
>>         Extracted: /tha_rules/VRT-p2p.rules****
>>
>>         Extracted: /tha_rules/VRT-scan.rules****
>>
>>         Extracted: /tha_rules/VRT-ftp.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-other.rules****
>>
>>         Extracted: /tha_rules/VRT-web-php.rules****
>>
>>         Extracted: /tha_rules/VRT-web-activex.rules****
>>
>>         Extracted: /tha_rules/VRT-decoder.rules****
>>
>>         Extracted: /tha_rules/VRT-web-frontpage.rules****
>>
>>         Extracted: /tha_rules/VRT-rservices.rules****
>>
>>         Extracted: /tha_rules/VRT-file-executable.rules****
>>
>>         Extracted: /tha_rules/VRT-file-other.rules****
>>
>>         Extracted: /tha_rules/VRT-backdoor.rules****
>>
>>         Extracted: /tha_rules/VRT-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-web-client.rules****
>>
>>         Extracted: /tha_rules/VRT-exploit-kit.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-pop.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-plugins.rules****
>>
>>         Extracted: /tha_rules/VRT-policy.rules****
>>
>>         Extracted: /tha_rules/VRT-web-attacks.rules****
>>
>>         Extracted: /tha_rules/VRT-imap.rules****
>>
>>         Extracted: /tha_rules/VRT-file-flash.rules****
>>
>>         Extracted: /tha_rules/VRT-nntp.rules****
>>
>>         Extracted: /tha_rules/VRT-dos.rules****
>>
>>         Extracted: /tha_rules/VRT-finger.rules****
>>
>>         Extracted: /tha_rules/VRT-phishing-spam.rules****
>>
>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at
>> d:\winids\pulledpork\pulledpork.pl line 293.****
>>
>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at
>> d:\winids\pulledpork\pulledpork.pl line 293.****
>>
>>         Extracted:
>> d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt****
>>
>>         Extracted: /tha_rules/VRT-server-mysql.rules****
>>
>>         Extracted: /tha_rules/VRT-oracle.rules****
>>
>>         Extracted: /tha_rules/VRT-server-iis.rules****
>>
>>         Extracted: /tha_rules/VRT-app-detect.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-pop2.rules****
>>
>>         Extracted: /tha_rules/VRT-bad-traffic.rules****
>>
>>         Extracted: /tha_rules/VRT-web-cgi.rules****
>>
>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....****
>>
>>         extracting contents of
>> d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...****
>>
>>         Ignoring plaintext rules: deleted.rules****
>>
>>         Ignoring plaintext rules: experimental.rules****
>>
>>         Ignoring plaintext rules: local.rules****
>>
>>         Extracted: /tha_rules/VRT-server-other.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-adware.rules****
>>
>>         Extracted: /tha_rules/VRT-misc.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-backdoor.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-compromise.rules****
>>
>>         Extracted: /tha_rules/VRT-file-pdf.rules****
>>
>>         Extracted: /tha_rules/VRT-content-replace.rules****
>>
>>         Extracted: /tha_rules/VRT-file-identify.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-webkit.rules****
>>
>>         Extracted: /tha_rules/VRT-specific-threats.rules****
>>
>>         Extracted: /tha_rules/VRT-file-office.rules****
>>
>>         Extracted: /tha_rules/VRT-rpc.rules****
>>
>>         Extracted: /tha_rules/VRT-dns.rules****
>>
>>         Extracted: /tha_rules/VRT-os-other.rules****
>>
>>         Extracted: /tha_rules/VRT-snmp.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-other.rules****
>>
>>         Extracted: /tha_rules/VRT-web-coldfusion.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-voip.rules****
>>
>>         Extracted: /tha_rules/VRT-file-image.rules****
>>
>>         Extracted: /tha_rules/VRT-chat.rules****
>>
>>         Extracted: /tha_rules/VRT-voip.rules****
>>
>>         Extracted: /tha_rules/VRT-os-solaris.rules****
>>
>>         Extracted: /tha_rules/VRT-server-mssql.rules****
>>
>>         Extracted: /tha_rules/VRT-pop3.rules****
>>
>>         Extracted: /tha_rules/VRT-preprocessor.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-social.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-ftp.rules****
>>
>>         Extracted: /tha_rules/VRT-server-webapp.rules****
>>
>>         Extracted: /tha_rules/VRT-server-oracle.rules****
>>
>>         Extracted: /tha_rules/VRT-scada.rules****
>>
>>         Extracted: /tha_rules/VRT-other-ids.rules****
>>
>>         Extracted: /tha_rules/VRT-server-apache.rules****
>>
>>         Extracted: /tha_rules/VRT-sql.rules****
>>
>>         Extracted: /tha_rules/VRT-icmp.rules****
>>
>>         Extracted: /tha_rules/VRT-file-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-p2p.rules****
>>
>>         Extracted: /tha_rules/VRT-info.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-other.rules****
>>
>>         Extracted: /tha_rules/VRT-server-mail.rules****
>>
>>         Extracted: /tha_rules/VRT-netbios.rules****
>>
>>         Extracted: /tha_rules/VRT-smtp.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-icmp.rules****
>>
>>         Extracted: /tha_rules/VRT-sensitive-data.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules****
>>
>>         Extracted: /tha_rules/VRT-web-iis.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-finger.rules****
>>
>>         Extracted: /tha_rules/VRT-botnet-cnc.rules****
>>
>>         Extracted: /tha_rules/VRT-pua-toolbars.rules****
>>
>>         Extracted: /tha_rules/VRT-mysql.rules****
>>
>>         Extracted: /tha_rules/VRT-virus.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-imap.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-cnc.rules****
>>
>>         Extracted: /tha_rules/VRT-web-misc.rules****
>>
>>         Extracted: /tha_rules/VRT-tftp.rules****
>>
>>         Extracted: /tha_rules/VRT-shellcode.rules****
>>
>>         Extracted: /tha_rules/VRT-blacklist.rules****
>>
>>         Extracted: /tha_rules/VRT-spyware-put.rules****
>>
>>         Extracted: /tha_rules/VRT-exploit.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-services.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-ie.rules****
>>
>>         Extracted: /tha_rules/VRT-os-windows.rules****
>>
>>         Extracted: /tha_rules/VRT-ddos.rules****
>>
>>         Extracted: /tha_rules/VRT-attack-responses.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-firefox.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-chrome.rules****
>>
>>         Extracted: /tha_rules/VRT-telnet.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-other.rules****
>>
>>         Extracted: /tha_rules/VRT-icmp-info.rules****
>>
>>         Extracted: /tha_rules/VRT-os-linux.rules****
>>
>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-spam.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-tools.rules****
>>
>>         Extracted: /tha_rules/VRT-x11.rules****
>>
>>         Extracted: /tha_rules/VRT-p2p.rules****
>>
>>         Extracted: /tha_rules/VRT-scan.rules****
>>
>>         Extracted: /tha_rules/VRT-ftp.rules****
>>
>>         Extracted: /tha_rules/VRT-malware-other.rules****
>>
>>         Extracted: /tha_rules/VRT-web-php.rules****
>>
>>         Extracted: /tha_rules/VRT-web-activex.rules****
>>
>>         Extracted: /tha_rules/VRT-decoder.rules****
>>
>>         Extracted: /tha_rules/VRT-web-frontpage.rules****
>>
>>         Extracted: /tha_rules/VRT-rservices.rules****
>>
>>         Extracted: /tha_rules/VRT-file-executable.rules****
>>
>>         Extracted: /tha_rules/VRT-file-other.rules****
>>
>>         Extracted: /tha_rules/VRT-backdoor.rules****
>>
>>         Extracted: /tha_rules/VRT-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-web-client.rules****
>>
>>         Extracted: /tha_rules/VRT-exploit-kit.rules****
>>
>>         Extracted: /tha_rules/VRT-protocol-pop.rules****
>>
>>         Extracted: /tha_rules/VRT-browser-plugins.rules****
>>
>>         Extracted: /tha_rules/VRT-policy.rules****
>>
>>         Extracted: /tha_rules/VRT-web-attacks.rules****
>>
>>         Extracted: /tha_rules/VRT-imap.rules****
>>
>>         Extracted: /tha_rules/VRT-file-flash.rules****
>>
>>         Extracted: /tha_rules/VRT-nntp.rules****
>>
>>         Extracted: /tha_rules/VRT-dos.rules****
>>
>>         Extracted: /tha_rules/VRT-finger.rules****
>>
>>         Extracted: /tha_rules/VRT-phishing-spam.rules****
>>
>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at
>> d:\winids\pulledpork\pulledpork.pl line 293.****
>>
>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at
>> d:\winids\pulledpork\pulledpork.pl line 293.****
>>
>>         Extracted:
>> d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt****
>>
>>         Extracted: /tha_rules/VRT-server-mysql.rules****
>>
>>         Extracted: /tha_rules/VRT-oracle.rules****
>>
>>         Extracted: /tha_rules/VRT-server-iis.rules****
>>
>>         Extracted: /tha_rules/VRT-app-detect.rules****
>>
>>         Extracted: /tha_rules/VRT-policy-multimedia.rules****
>>
>>         Extracted: /tha_rules/VRT-pop2.rules****
>>
>>         Extracted: /tha_rules/VRT-bad-traffic.rules****
>>
>>         Extracted: /tha_rules/VRT-web-cgi.rules****
>>
>> Cleanup....****
>>
>>         removed 108 temporary snort files or directories from
>> d:\winids\pulledpork\temp/tha_rules!****
>>
>> Fly Piggy Fly!****
>>
>> ** **
>>
>> Best regards,****
>>
>> Michael...****
>>
>> ** **
>>
>>
>> ------------------------------------------------------------------------------
>> Free Next-Gen Firewall Hardware Offer
>> Buy your Sophos next-gen firewall before the end March 2013
>> and get the hardware for free! Learn more.
>> http://p.sf.net/sfu/sophos-d2d-feb
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
> -- 
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130210/0054b830/attachment.html>


More information about the Snort-users mailing list