[Solved] Snort Updates - Bad MD5 checksum's (all files)



  • Hi Folks,
    Brand new pfSense user here.

    I'm currently running 2.3.1 with Snort 3.2.9.1_12.
    I can't get updates for any Snort rules though.

    It downloading something, but all updates are showing the below "Bad MD5 checksum" errors.

    Both the standard Update Rules and the Force Update show the same thing.

    I've tried un-/re-installing the Snort package, but are still getting the same result.

    Anyone got any ideas?

    Seems a bit odd this is across all rule files.

    Thanks in advance!

    edit: forgot to say the "Downloaded XXXX rules file MD5:" checksums change every time, so it almost appears like all the downloads are being terminated early.
    I haven't noticed any other issues with WAN connections/downloads in my setup.

    Starting rules update...  Time: 2016-05-05 12:33:38
    	Downloading Snort VRT rules md5 file snortrules-snapshot-2980.tar.gz.md5...
    	Checking Snort VRT rules md5 file...
    	There is a new set of Snort VRT rules posted.
    	Downloading file 'snortrules-snapshot-2980.tar.gz'...
    	Done downloading rules file.
    	Snort VRT rules file download failed.  Bad MD5 checksum.
    	Downloaded Snort VRT rules file MD5: aa48269200b319e816705e982524c1cc
    	Expected Snort VRT rules file MD5: 8e9a421dfcee6bbee8f4960e765f5805
    	Snort VRT rules file download failed.  Snort VRT rules will not be updated.
    	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    	Checking Snort GPLv2 Community Rules md5 file...
    	There is a new set of Snort GPLv2 Community Rules posted.
    	Downloading file 'community-rules.tar.gz'...
    	Done downloading rules file.
    	Snort GPLv2 Community Rules file download failed.  Bad MD5 checksum.
    	Downloaded Snort GPLv2 Community Rules file MD5: d41d8cd98f00b204e9800998ecf8427e
    	Expected Snort GPLv2 Community Rules file MD5: c71d7def7bb4d74e466c89e59f4b7109
    	Snort GPLv2 Community Rules file download failed.  Snort GPLv2 Community Rules will not be updated.
    	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    	Checking Emerging Threats Open rules md5 file...
    	There is a new set of Emerging Threats Open rules posted.
    	Downloading file 'emerging.rules.tar.gz'...
    	Done downloading rules file.
    	Emerging Threats Open rules file download failed.  Bad MD5 checksum.
    	Downloaded Emerging Threats Open rules file MD5: d41d8cd98f00b204e9800998ecf8427e
    	Expected Emerging Threats Open rules file MD5: f719da6bc5b2ccd9515a160201efee53
    	Emerging Threats Open rules file download failed.  Emerging Threats Open rules will not be updated.
    The Rules update has finished.  Time: 2016-05-05 12:40:29
    


  • Found it.
    It appears I only had a 40M RAM /tmp. Increased the size of this (System>Advanced>Miscellaneous + reboot) and it's good.



  • Very, very bad idea to use RAM disks with Snort or Suricata.  You will run out of disk space and have weird issues.  You just experienced one of them.

    I suggest only running the IDS/IPS packages on systems with a relatively large hard disk (conventional or SSD) and stay away from NanoBSD installs and the use of RAM disks.

    Bill


Log in to reply