Snort OpenAppID RULES Detectors fail to download.



  • I anyone else having issues downloading Snort OpenAppID RULES Detectors. Looks like a bad MD5 checksum.

    Downloading file 'appid_rules.tar.gz'…
    Done downloading rules file.
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.

    Kind Regards,
    Simon



  • Yup, same issue.


  • Galactic Empire

    Yup, same issue here.

    Starting rules update…  Time: 2017-12-10 18:54:15
    Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
    Checking Snort VRT rules md5 file...
    Snort VRT rules are up to date.
    Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    Checking Snort OpenAppID detectors md5 file...
    Snort OpenAppID detectors are up to date.
    Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    Checking Snort OpenAppID RULES detectors md5 file...
    There is a new set of Snort OpenAppID RULES detectors posted.
    Downloading file 'appid_rules.tar.gz'...
    Done downloading rules file.
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    Emerging Threats Open rules are up to date.
    The Rules update has finished.  Time: 2017-12-10 18:54:20



  • I also get problem with the APPID RULES download.

    According to logs it says:
      Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5…
      Checking Snort OpenAppID RULES detectors md5 file...
      There is a new set of Snort OpenAppID RULES detectors posted.
      Downloading file 'appid_rules.tar.gz'...
      Done downloading rules file.
      Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
      Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
      Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
      Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.

    And just to make sure, I manually downloaded the http://files.pfsense.org/openappid/appid_rules.tar.gz and http://files.pfsense.org/openappid/appid_rules.tar.gz.md5
    and then made a manual md5 checksum of the "appid_rules.tar.gz" and compared it to the downloaded one.

    DOWNLOADED:  d4539caec45fdb0484ded9de593e0dc4
    MANUAL MD5:      4a919586ee271f633a04b406b1332bf9

    Exactly the same as from the pfSense.  So either someone has modified the appid_rules.tar.gz after the checksum was created
    OR the appid_rules.tar.gz has been updated and someone has forgot to create a new updated md5 checksum file
    or possible that the the appid file has gone corrupted.

    Please correct this.

    The interesting part is that the appid file and the md5 file is stored at almost the same time. only 2 min apart.
    http://files.pfsense.org/openappid/
    appid_rules.tar.gz                                08-Dec-2017 20:46              788480
    appid_rules.tar.gz.md5                            08-Dec-2017 20:48                  33

    Best regards
    Dan Lundqvist
    MRZAZ.COM
    Stockholm, Sweden


  • Galactic Empire

    Confirmed. I have notified the developers however I don't think it will be resolved until tomorrow. Thank you for reporting the issue.



  • The issue has been resolved.



  • I know this has been solved previously, but I am now getting the same problem with the following error message.

    Checking Snort OpenAppID RULES detectors md5 file…
    There is a new set of Snort OpenAppID RULES detectors posted.
    Downloading file 'appid_rules.tar.gz'...
    Done downloading rules file.
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.

    This has been the case for the past week, so I have been waiting to see if this will be corrected. So far it has not been.


  • Galactic Empire

    Mine updated fine. Try reinstalling the package.


Log in to reply