[Snort-users] PulledPork not processing

JJ Cummings cummingsj at ...11827...
Sun Feb 10 11:51:24 EST 2013


Michael,

Are you talking about the rule docs "the opensource.tgz" file?  If so, these are not the rules and only need to be extracted if you are using them for reference.  This can sometimes take a while to extract... However, as Joel said, the actual rules operation should be quite fast.

JJC

Sent from the iRoad

On Feb 10, 2013, at 9:20, "Joel Esler" <jesler at ...1935...> wrote:

> *self contained
> 
> Joel Esler
> Mobile
> 
> 
> On Sun, Feb 10, 2013 at 10:38 AM, Joel Esler <jesler at ...1935...> wrote:
> 
>> Wow.  That's pretty slow.  On Unix it takes about 10 seconds give or take.  But no, Pulledpork is sell contained except for a few libraries and is meant to be that way.
>> 
>> 
>> On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels at ...9077...> wrote:
>>> Problem solved. It appears that some of the Perl packages were corrupted.
>>> 
>>>  
>>> 
>>> However, does anyone have a workaround for the installation of the Signatures? I don’t know about UNIX, but on Windows it takes at least 30 minutes for Perl to extract.
>>> 
>>>  
>>> 
>>> Is it possible for the pulledpork.pl file to extract with a native OS extraction tool?
>>> 
>>>  
>>> 
>>> Best regards,
>>> 
>>> Michael...
>>> 
>>>  
>>> 
>>> From: Michael Steele [mailto:michaels at ...9077...] 
>>> Sent: Saturday, February 09, 2013 1:49 PM
>>> To: snort-users at lists.sourceforge.net
>>> Subject: [Snort-users] PulledPork not processing
>>> 
>>>  
>>> 
>>> This is the latest pull from the SVN.
>>> 
>>>  
>>> 
>>> It appears PulledPork is trying to process the rules twice. In the temp folder I’m only getting a partial transfer of the rules and the MD5 file.
>>> 
>>>  
>>> 
>>>  
>>> 
>>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vv -T
>>> 
>>>  
>>> 
>>>     http://code.google.com/p/pulledpork/
>>> 
>>>       _____ ____
>>> 
>>>      `----,\    )
>>> 
>>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
>>> 
>>>        `--==\\/
>>> 
>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
>>> 
>>>   @_/        /  66\_  cummingsj at ...11827...
>>> 
>>>     |    \   \   _(")
>>> 
>>>      \   /-| ||'--'  Rules give me wings!
>>> 
>>>       \_\  \_\\
>>> 
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> 
>>>  
>>> 
>>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
>>> 
>>>         snort_path = /usr/local/bin/snort
>>> 
>>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf
>>> 
>>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf
>>> 
>>>         rule_path = d:\winids\snort\rules\snort.rules
>>> 
>>>         ignore = deleted.rules,experimental.rules,local.rules
>>> 
>>>         rule_url = ARRAY(0x28e1e24)
>>> 
>>>         snort_version = 2.9.4.0
>>> 
>>>         sid_msg_version = 1
>>> 
>>>         sid_changelog = d:\winids\snort\log\sid_changes.log
>>> 
>>>         sid_msg = d:\winids\snort\etc\sid-msg.map
>>> 
>>>         docs = d:\winids\Apache24\htdocs\base\signatures\
>>> 
>>>         ips_policy = security
>>> 
>>>         config_path = /usr/local/etc/snort/snort.conf
>>> 
>>>         temp_path = d:\winids\pulledpork\temp
>>> 
>>>         distro = FreeBSD-8.1
>>> 
>>>         version = 0.6.1
>>> 
>>>         sorule_path = /usr/local/lib/snort_dynamicrules/
>>> 
>>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf
>>> 
>>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf
>>> 
>>>         local_rules = d:\winids\snort\rules\local.rules
>>> 
>>> 'uname' is not recognized as an internal or external command,
>>> 
>>> operable program or batch file.
>>> 
>>> MISC (CLI and Autovar) Variable Debug:
>>> 
>>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
>>> 
>>>         Distro Def is: FreeBSD-8.1
>>> 
>>>         Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
>>> 
>>>         security policy specified
>>> 
>>>         local.rules path is: d:\winids\snort\rules\local.rules
>>> 
>>>         Rules file is: d:\winids\snort\rules\snort.rules
>>> 
>>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
>>> 
>>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
>>> 
>>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
>>> 
>>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
>>> 
>>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>>> 
>>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
>>> 
>>>         Snort Version is: 2.9.4.0
>>> 
>>>         Snort Config File: /usr/local/etc/snort/snort.conf
>>> 
>>>         Snort Path is: /usr/local/bin/snort
>>> 
>>>         Text Rules only Flag is Set
>>> 
>>>         Extra Verbose Flag is Set
>>> 
>>>         Verbose Flag is Set
>>> 
>>>         Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>>> 
>>> Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
>>> 
>>>         Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
>>> 
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 200 OK (3s)
>>> 
>>>         most recent rules file digest: ae46740e802f023be681d932ef71f407
>>> 
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>> 
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> 
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found (1s)
>>> 
>>> ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D ==> 200 OK (1s)
>>> 
>>>         storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
>>> 
>>>  
>>> 
>>>         current local rules file  digest: eed12b6d1e99dd34dda723167ab18f8c
>>> 
>>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
>>> 
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>> 
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> 
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found
>>> 
>>> ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D ==>   0
>>> 
>>> 200 OK
>>> 
>>>         storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
>>> 
>>>  
>>> 
>>>         current local rules file  digest: 6fb296525f90c700ff356264397e7977
>>> 
>>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
>>> 
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>> 
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> 
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 403 Forbidden (1s)
>>> 
>>>         A 403 error occurred, please wait for the 15 minute timeout
>>> 
>>>         to expire before trying again or specify the -n runtime switch
>>> 
>>>         You may also wish to verfiy your oinkcode, tarball name, and other configuration options
>>> 
>>>  
>>> 
>>>  
>>> 
>>>  
>>> 
>>>  
>>> 
>>> I can drop the rules and open source file into the empty temp folder and try to process offline, but I’m getting:
>>> 
>>>  
>>> 
>>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T
>>> 
>>>  
>>> 
>>>     http://code.google.com/p/pulledpork/
>>> 
>>>       _____ ____
>>> 
>>>      `----,\    )
>>> 
>>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
>>> 
>>>        `--==\\/
>>> 
>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
>>> 
>>>   @_/        /  66\_  cummingsj at ...11827...
>>> 
>>>     |    \   \   _(")
>>> 
>>>      \   /-| ||'--'  Rules give me wings!
>>> 
>>>       \_\  \_\\
>>> 
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> 
>>>  
>>> 
>>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
>>> 
>>>         snort_path = /usr/local/bin/snort
>>> 
>>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf
>>> 
>>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf
>>> 
>>>         rule_path = d:\winids\snort\rules\snort.rules
>>> 
>>>         ignore = deleted.rules,experimental.rules,local.rules
>>> 
>>>         rule_url = ARRAY(0x285929c)
>>> 
>>>         snort_version = 2.9.4.0
>>> 
>>>         sid_msg_version = 1
>>> 
>>>         sid_changelog = d:\winids\snort\log\sid_changes.log
>>> 
>>>         sid_msg = d:\winids\snort\etc\sid-msg.map
>>> 
>>>         docs = d:\winids\Apache24\htdocs\base\signatures\
>>> 
>>>         ips_policy = security
>>> 
>>>         config_path = /usr/local/etc/snort/snort.conf
>>> 
>>>         temp_path = d:\winids\pulledpork\temp
>>> 
>>>         distro = FreeBSD-8.1
>>> 
>>>         version = 0.6.1
>>> 
>>>         sorule_path = /usr/local/lib/snort_dynamicrules/
>>> 
>>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf
>>> 
>>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf
>>> 
>>>         local_rules = d:\winids\snort\rules\local.rules
>>> 
>>> 'uname' is not recognized as an internal or external command,
>>> 
>>> operable program or batch file.
>>> 
>>> MISC (CLI and Autovar) Variable Debug:
>>> 
>>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
>>> 
>>>         Distro Def is: FreeBSD-8.1
>>> 
>>>         Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
>>> 
>>>         security policy specified
>>> 
>>>         local.rules path is: d:\winids\snort\rules\local.rules
>>> 
>>>         No Download Flag is Set
>>> 
>>>         Rules file is: d:\winids\snort\rules\snort.rules
>>> 
>>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
>>> 
>>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
>>> 
>>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
>>> 
>>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
>>> 
>>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>>> 
>>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
>>> 
>>>         Snort Version is: 2.9.4.0
>>> 
>>>         Snort Config File: /usr/local/etc/snort/snort.conf
>>> 
>>>         Snort Path is: /usr/local/bin/snort
>>> 
>>>         Text Rules only Flag is Set
>>> 
>>>         Extra Verbose Flag is Set
>>> 
>>>         Verbose Flag is Set
>>> 
>>>         Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>>> 
>>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....
>>> 
>>>         extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
>>> 
>>>         Ignoring plaintext rules: deleted.rules
>>> 
>>>         Ignoring plaintext rules: experimental.rules
>>> 
>>>         Ignoring plaintext rules: local.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-adware.rules
>>> 
>>>         Extracted: /tha_rules/VRT-misc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-backdoor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-compromise.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-pdf.rules
>>> 
>>>         Extracted: /tha_rules/VRT-content-replace.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-identify.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-webkit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-specific-threats.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-office.rules
>>> 
>>>         Extracted: /tha_rules/VRT-rpc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-dns.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-snmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-coldfusion.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-voip.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-image.rules
>>> 
>>>         Extracted: /tha_rules/VRT-chat.rules
>>> 
>>>         Extracted: /tha_rules/VRT-voip.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-solaris.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pop3.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-mssql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-preprocessor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-social.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-ftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-webapp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-oracle.rules
>>> 
>>>         Extracted: /tha_rules/VRT-scada.rules
>>> 
>>>         Extracted: /tha_rules/VRT-other-ids.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-apache.rules
>>> 
>>>         Extracted: /tha_rules/VRT-sql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-icmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-p2p.rules
>>> 
>>>         Extracted: /tha_rules/VRT-info.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-mail.rules
>>> 
>>>         Extracted: /tha_rules/VRT-netbios.rules
>>> 
>>>         Extracted: /tha_rules/VRT-smtp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-icmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-sensitive-data.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-iis.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-finger.rules
>>> 
>>>         Extracted: /tha_rules/VRT-botnet-cnc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-toolbars.rules
>>> 
>>>         Extracted: /tha_rules/VRT-mysql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-virus.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-imap.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-cnc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-misc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-tftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-blacklist.rules
>>> 
>>>         Extracted: /tha_rules/VRT-shellcode.rules
>>> 
>>>         Extracted: /tha_rules/VRT-spyware-put.rules
>>> 
>>>         Extracted: /tha_rules/VRT-exploit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-services.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-ie.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-windows.rules
>>> 
>>>         Extracted: /tha_rules/VRT-ddos.rules
>>> 
>>>         Extracted: /tha_rules/VRT-attack-responses.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-firefox.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-chrome.rules
>>> 
>>>         Extracted: /tha_rules/VRT-telnet.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-icmp-info.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-linux.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-spam.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-tools.rules
>>> 
>>>         Extracted: /tha_rules/VRT-x11.rules
>>> 
>>>         Extracted: /tha_rules/VRT-p2p.rules
>>> 
>>>         Extracted: /tha_rules/VRT-scan.rules
>>> 
>>>         Extracted: /tha_rules/VRT-ftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-php.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-activex.rules
>>> 
>>>         Extracted: /tha_rules/VRT-decoder.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-frontpage.rules
>>> 
>>>         Extracted: /tha_rules/VRT-rservices.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-executable.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-backdoor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-client.rules
>>> 
>>>         Extracted: /tha_rules/VRT-exploit-kit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-pop.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-plugins.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-attacks.rules
>>> 
>>>         Extracted: /tha_rules/VRT-imap.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-flash.rules
>>> 
>>>         Extracted: /tha_rules/VRT-nntp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-dos.rules
>>> 
>>>         Extracted: /tha_rules/VRT-finger.rules
>>> 
>>>         Extracted: /tha_rules/VRT-phishing-spam.rules
>>> 
>>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> 
>>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> 
>>>         Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
>>> 
>>>         Extracted: /tha_rules/VRT-server-mysql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-oracle.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-iis.rules
>>> 
>>>         Extracted: /tha_rules/VRT-app-detect.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pop2.rules
>>> 
>>>         Extracted: /tha_rules/VRT-bad-traffic.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-cgi.rules
>>> 
>>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....
>>> 
>>>         extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
>>> 
>>>         Ignoring plaintext rules: deleted.rules
>>> 
>>>         Ignoring plaintext rules: experimental.rules
>>> 
>>>         Ignoring plaintext rules: local.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-adware.rules
>>> 
>>>         Extracted: /tha_rules/VRT-misc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-backdoor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-compromise.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-pdf.rules
>>> 
>>>         Extracted: /tha_rules/VRT-content-replace.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-identify.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-webkit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-specific-threats.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-office.rules
>>> 
>>>         Extracted: /tha_rules/VRT-rpc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-dns.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-snmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-coldfusion.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-voip.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-image.rules
>>> 
>>>         Extracted: /tha_rules/VRT-chat.rules
>>> 
>>>         Extracted: /tha_rules/VRT-voip.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-solaris.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-mssql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pop3.rules
>>> 
>>>         Extracted: /tha_rules/VRT-preprocessor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-social.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-ftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-webapp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-oracle.rules
>>> 
>>>         Extracted: /tha_rules/VRT-scada.rules
>>> 
>>>         Extracted: /tha_rules/VRT-other-ids.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-apache.rules
>>> 
>>>         Extracted: /tha_rules/VRT-sql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-icmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-p2p.rules
>>> 
>>>         Extracted: /tha_rules/VRT-info.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-mail.rules
>>> 
>>>         Extracted: /tha_rules/VRT-netbios.rules
>>> 
>>>         Extracted: /tha_rules/VRT-smtp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-icmp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-sensitive-data.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-iis.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-finger.rules
>>> 
>>>         Extracted: /tha_rules/VRT-botnet-cnc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pua-toolbars.rules
>>> 
>>>         Extracted: /tha_rules/VRT-mysql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-virus.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-imap.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-cnc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-misc.rules
>>> 
>>>         Extracted: /tha_rules/VRT-tftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-shellcode.rules
>>> 
>>>         Extracted: /tha_rules/VRT-blacklist.rules
>>> 
>>>         Extracted: /tha_rules/VRT-spyware-put.rules
>>> 
>>>         Extracted: /tha_rules/VRT-exploit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-services.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-ie.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-windows.rules
>>> 
>>>         Extracted: /tha_rules/VRT-ddos.rules
>>> 
>>>         Extracted: /tha_rules/VRT-attack-responses.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-firefox.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-chrome.rules
>>> 
>>>         Extracted: /tha_rules/VRT-telnet.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-icmp-info.rules
>>> 
>>>         Extracted: /tha_rules/VRT-os-linux.rules
>>> 
>>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-spam.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-tools.rules
>>> 
>>>         Extracted: /tha_rules/VRT-x11.rules
>>> 
>>>         Extracted: /tha_rules/VRT-p2p.rules
>>> 
>>>         Extracted: /tha_rules/VRT-scan.rules
>>> 
>>>         Extracted: /tha_rules/VRT-ftp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-malware-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-php.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-activex.rules
>>> 
>>>         Extracted: /tha_rules/VRT-decoder.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-frontpage.rules
>>> 
>>>         Extracted: /tha_rules/VRT-rservices.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-executable.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-other.rules
>>> 
>>>         Extracted: /tha_rules/VRT-backdoor.rules
>>> 
>>>         Extracted: /tha_rules/VRT-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-client.rules
>>> 
>>>         Extracted: /tha_rules/VRT-exploit-kit.rules
>>> 
>>>         Extracted: /tha_rules/VRT-protocol-pop.rules
>>> 
>>>         Extracted: /tha_rules/VRT-browser-plugins.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-attacks.rules
>>> 
>>>         Extracted: /tha_rules/VRT-imap.rules
>>> 
>>>         Extracted: /tha_rules/VRT-file-flash.rules
>>> 
>>>         Extracted: /tha_rules/VRT-nntp.rules
>>> 
>>>         Extracted: /tha_rules/VRT-dos.rules
>>> 
>>>         Extracted: /tha_rules/VRT-finger.rules
>>> 
>>>         Extracted: /tha_rules/VRT-phishing-spam.rules
>>> 
>>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> 
>>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> 
>>>         Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
>>> 
>>>         Extracted: /tha_rules/VRT-server-mysql.rules
>>> 
>>>         Extracted: /tha_rules/VRT-oracle.rules
>>> 
>>>         Extracted: /tha_rules/VRT-server-iis.rules
>>> 
>>>         Extracted: /tha_rules/VRT-app-detect.rules
>>> 
>>>         Extracted: /tha_rules/VRT-policy-multimedia.rules
>>> 
>>>         Extracted: /tha_rules/VRT-pop2.rules
>>> 
>>>         Extracted: /tha_rules/VRT-bad-traffic.rules
>>> 
>>>         Extracted: /tha_rules/VRT-web-cgi.rules
>>> 
>>> Cleanup....
>>> 
>>>         removed 108 temporary snort files or directories from d:\winids\pulledpork\temp/tha_rules!
>>> 
>>> Fly Piggy Fly!
>>> 
>>>  
>>> 
>>> Best regards,
>>> 
>>> Michael...
>>> 
>>>  
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> Free Next-Gen Firewall Hardware Offer
>>> Buy your Sophos next-gen firewall before the end March 2013
>>> and get the hardware for free! Learn more.
>>> http://p.sf.net/sfu/sophos-d2d-feb
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> 
>> 
>> 
>> -- 
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
> 
More information about the Snort-users mailing list
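
The log in the original post shows the downloaded tarball failing to match the published MD5 twice and the third request being refused with a 403, and the follow-up asks about faster extraction. The following is an added example, not part of the original messages and not PulledPork's code: it caps re-download attempts on a digest mismatch and reads only the `rules/*.rules` members in a single pass. The `fetch` callable, the function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import posixpath
import tarfile

# 'ignore' list as shown in the pulledpork.conf debug output in the post.
IGNORE = {"deleted.rules", "experimental.rules", "local.rules"}


def md5_hex(data):
    # MD5 is the digest the .md5 file in the log carries; here it only
    # detects a damaged or partial transfer.
    return hashlib.md5(data).hexdigest()


def fetch_verified(fetch, published_md5, max_attempts=2):
    """Call fetch() until the tarball matches the published digest.

    fetch is a hypothetical zero-argument callable returning the tarball
    bytes. Attempts are capped so repeated mismatches stop locally instead
    of re-requesting until the server answers 403 as in the log.
    """
    want = published_md5.strip().lower()
    seen = []
    for _ in range(max_attempts):
        data = fetch()
        got = md5_hex(data)
        if got == want:
            return data
        seen.append(got)
    raise RuntimeError("digest mismatch after %d attempts: %s != %s"
                       % (max_attempts, ", ".join(seen), want))


def extract_rules(tarball, ignore=IGNORE):
    """Read the archive once, front to back, and return {file name: text}
    for rules/*.rules members only; docs, ignored files and odd paths are skipped."""
    rules = {}
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r|gz") as tar:
        for member in tar:
            parts = posixpath.normpath(member.name).split("/")
            if not member.isfile() or len(parts) != 2:
                continue
            folder, name = parts
            if folder != "rules" or not name.endswith(".rules") or name in ignore:
                continue
            rules[name] = tar.extractfile(member).read().decode("utf-8", "replace")
    return rules


def build_sample():
    """Constructed stand-in for snortrules-snapshot-2940.tar.gz."""
    files = {
        "rules/VRT-dns.rules": "# constructed sample rule file\n",
        "rules/deleted.rules": "# ignored by configuration\n",
        "doc/signatures/1.txt": "constructed rule documentation\n",
        "rules/../../outside.rules": "# path that leaves rules/\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            body = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample()
    replies = [good[: len(good) // 2], good]   # first transfer is cut short
    data = fetch_verified(lambda: replies.pop(0), md5_hex(good))
    print(sorted(extract_rules(data)))
```
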