Snort OpenAppID RULES Detectors fail to download



  • Snort OpenAppID RULES Detectors always fail to download updates…

    log shows:
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5:

    Tried forced update... still not updated.

    Please help, anyone. Thank you in advance.


  • Galactic Empire Netgate

    I have tried it just now and rules download without issues. What does your log say?



  • log shows:
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5:


  • Galactic Empire Netgate

    This is fixed by now. Can you try updating the rules?



  • Seems like this is still an issue. Seeing the same error.



  • I concur, this is still an issue unfortunately.
    Would appreciate some tips or solutions.

    snort 3.2.9.5_3 on pfSense 2.3.4-Release

    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.



  • I am also facing the same issue.
    I have enough space in /temp and vart (300mb)



  • @Wroxc:

    I am also facing the same issue.
    I have enough space in /temp and vart (300mb)

    OpenAppID detector rules is a different problem.  The pfSense team started hosting these volunteer-maintained rules on their site, but there have been some recurring issues with the MD5 checksum not being recalculated correctly when the rules are updated.  Hopefully one of the pfSense folks will see this thread, or you can try contacting them directly.

    Bill



  • It might have everything to do with the timing of downloading your updates for Snort. I installed Snort not quite a month ago and have been downloading the OpenAppID Rules without any problems to date. I have my Snort updates run at 4:05a Eastern (GMT-5), with one update per day.



  • I have two pfSense systems with this rule set installed. On one of the systems, the rules are fine. I can force update and they update properly. On the other system, which is connected to the same edge router, the date of the rule set is December 8th, 2017 and it will not update. I've tried force update a few times and it made no difference. Any suggestions?



  • Further to the previous post, in one of my systems, OpenAppID RULES Detectors updated on its own this morning. The other system is still stuck at December 8th, 2017, reporting the same MD5 error as above. Is there a fix for this?



  • The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?



  • @bimmerdriver:

    The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

    There was an update to the Snort GUI a month or two back that updated the URL used for downloading the OpenAppID rules package.  Perhaps your older version is trying the older URL?

    The current Snort GUI package version is 3.2.9.6.

    Bill



  • @bmeeks:

    I updated the package and the problem is fixed. Thank you very much.