Snort rules update fails



  • Hi,
    I'm trying to use Snort without luck… can't get the rules updates. I have the Oinkmaster code (even tried to regenerate it).
    This is the error I get:

    
    Downloading Snort VRT rules md5 file... FAILED!
    Snort VRT rules will not be updated.
    Server returned error code 0.
    Downloading Snort GPLv2 Community Rules md5 file... FAILED!
    Snort GPLv2 Community Rules will not be updated.
    Server returned error code 0.
    Cleaning up temp dirs and files... done.
    
    

    This install also has Squid & Squidguard.



  • The updates work for me. Is it possible that your Squid / Squidguard installation is preventing pfSense from fetching the files?

    You don't need the Snort GPLv2 Community Rules if you have either the paid or free VRT rules installed, as the VRT rules are a superset of the GPLv2 rules. The free VRT rules are the same as the paid VRT rules, other than there is a time lag before rule changes appear in the free set.



  • @David_W:

    The updates work for me. Is it possible that your Squid / Squidguard installation is preventing pfSense from fetching the files?

    Hi David,
    Thanks for the tip, I disabled SSL inspection in Squid and indeed the update was done.
    I tried to add proxy bypass rules for the URLs that Snort uses but it doesn't seem to help.

    Any idea / suggestion?

    Thanks again :)



  • Still didn't find any solution to why the Snort update is blocked by Squid.
    Will be happy if anyone has some direction.

    Thanks



  • @gad_d:

    Still didn't find any solution to why the Snort update is blocked by Squid.
    Will be happy if anyone has some direction.

    Thanks

    Does Squid log any message that might give a hint what it does not like about the SSL handshake Snort uses for its updates?

    Bill