Snort is trying to install an invalid VRT file



  • Snort is failing to install the VRT rules. It is requesting file snortrules-snapshot-2980.tar.gz.md5 while there is no ". . . 2980 . . .", it's . . . 2982 . . .

    See log below

    ===================

    Starting rules update…  Time: 2016-07-03 17:16:54
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.
    Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    Checking Snort OpenAppID detectors md5 file...
    Snort OpenAppID detectors are up to date.
    Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    Checking Snort GPLv2 Community Rules md5 file...
    Snort GPLv2 Community Rules are up to date.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    Emerging Threats Open rules are up to date.
    The Rules update has finished.  Time: 2016-07-03 17:16:57

    ==================

    Where is this URL set? The Oinkcode worked just fine elsewhere; it looks like the request is the issue.

    Thanks in advance



  • Same here. Have only had pfSense installed for a few weeks in a VM as a test and noticed this today:

    -----
    Starting rules update...  Time: 2016-07-03 20:00:30
    Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 422.
    Server error message was:
    Snort VRT rules will not be updated.

    Been failing since 7/1.



  • Same for me!
    :(
    snort 3.2.9.1_13 / snort-2.9.8.0_1



  • This will be fixed soon.  An updated package pull request has been posted and is waiting to be merged into the RELEASE pfSense package repository.  The updated package is already in the DEVEL tree.

    The July 4 holiday weekend here in the United States has slowed things down a little bit.  It was ultimately my mistake for letting the EOL date of the Snort VRT rules sneak up on me.  I was not timely in getting the 2.9.8.3 update for the Snort binary out there.  The rules for the 2.9.8.0 version that is currently in pfSense RELEASE went EOL on July 1.

    Bill
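
An added example (not from the thread or from the pfSense Snort package): a parser for the update log format quoted above that flags rule sets which failed to refresh, so a sensor left running on stale rules is noticed. The sample log is constructed from the lines in this thread, and the check that the snapshot tag equals the Snort binary version with the dots removed is an assumption inferred from 2980 and 2.9.8.0 appearing here.

```python
import re

# Constructed sample, shaped like the update log quoted in this thread.
SAMPLE_LOG = """\
Starting rules update...  Time: 2016-07-03 20:00:30
Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
Snort VRT rules md5 download failed.
Server returned error code 422.
Server error message was:
Snort VRT rules will not be updated.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Checking Snort GPLv2 Community Rules md5 file...
Snort GPLv2 Community Rules are up to date.
The Rules update has finished.  Time: 2016-07-03 20:00:33
"""

DOWNLOAD = re.compile(r"^Downloading (?P<name>.+?) md5 file (?P<file>\S+?\.md5)")
HTTP_ERR = re.compile(r"^Server returned error code (?P<code>\d+)")
SNAPSHOT = re.compile(r"snortrules-snapshot-(\d+)\.tar\.gz")

def parse_update_log(text):
    """Return one dict per rule set: name, file, status, http_code."""
    results, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DOWNLOAD.match(line)
        if m:
            current = {"name": m["name"], "file": m["file"],
                       "status": "unknown", "http_code": None}
            results.append(current)
        elif current is None:
            continue  # preamble before the first rule set
        elif line.endswith(("download failed.", "will not be updated.")):
            current["status"] = "failed"
        elif (m := HTTP_ERR.match(line)):
            current["http_code"] = int(m["code"])
        elif line.endswith("are up to date."):
            current["status"] = "ok"
    return results

def stale_rule_sets(text):
    """Rule sets that did not end the run in a known-good state."""
    return [r for r in parse_update_log(text) if r["status"] != "ok"]

def snapshot_matches_binary(md5_file, snort_version):
    """Assumption: snapshot tag == binary version with dots removed."""
    m = SNAPSHOT.search(md5_file)
    return bool(m) and m.group(1) == snort_version.replace(".", "")
```

Run `stale_rule_sets()` over the update log after each scheduled update and alert on any non-empty result; the HTTP code and requested file name in each entry show whether the request itself is the problem.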

