Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

Including an ET rules download prevents so_rules.rules file from being generated #40

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Include a rules_url entry that pulls ET (emergingthreats) rules
2.
3.

What is the expected output? What do you see instead?
Expected that the SO rules file will be refreshed - it isn't

What version of the product are you using? On what operating system?
0.5.0 on CentOS 5.5

Please provide any additional information below.
Running without an ET rules_url entry updates the SO rules file as expected.

Original issue reported on code.google.com by CunningP...@gmail.com on 26 Oct 2010 at 7:10

GoogleCodeExporter commented 9 years ago

Original comment by Cummin...@gmail.com on 27 Oct 2010 at 8:08

GoogleCodeExporter commented 9 years ago

Original comment by Cummin...@gmail.com on 29 Oct 2010 at 11:48

GoogleCodeExporter commented 9 years ago
These two vars should be added to the code base:

*** At beginning of file ***
my $isVRT = 0;    # set when any rule_url points at snort.org (VRT rules)
my $isET  = 0;    # set when any rule_url points at emergingthreats.net

*** Code change that sets sostub to undef ***
    if ( !$NoDownload ) {

        foreach (@base_url) {
            my ( $base_url, $rule_file, $oinkcode ) = split( /\|/, $_ );
            croak "You need to define an oinkcode, please review the rule_url section of the pulledpork config file!\n"
              unless $oinkcode;
            croak("please define the rule_url correctly in the pulledpork.conf\n")
              unless defined $base_url;
            croak("please define the rule_url correctly in the pulledpork.conf\n")
              unless defined $rule_file;

            if ( $base_url =~ /snort\.org/i ) {
                $isVRT = 1;
                unless ( $rule_file =~ /snortrules-snapshot-\d{4}\.tar\.gz/ ) {
                    croak(
                        "The specified Snort binary does not exist!\nPlease correct the value or specify the FULL",
                        " rules tarball name in the pulledpork.conf!\n"
                    ) unless $Snort;
                    my $Snortv = $Snort;
                    $Snortv =~ s/\.//g;
                    $rule_file = "snortrules-snapshot-$Snortv.tar.gz";
                }
            }
            elsif ( $base_url =~ /emergingthreats.net/ ) {
                $isET = 1;
                my $Snortv = $Snort;
                $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;
                $base_url .= "$oinkcode/snort-$Snortv/";
            }

            # only VRT and ET publish an md5 for the tarball; skip the check elsewhere
            $Hash = 1 unless $base_url =~ /(emergingthreats|snort.org)/;

            if ( !$Hash ) {
                $md5 = md5file( $oinkcode, $rule_file, $temp_path, $base_url );
            }

            # and now lets determine the md5 of the last saved rules file if it exists
            if ( -f "$temp_path" . "$rule_file" && !$Hash ) {
                $rule_digest = md5sum( $rule_file, $temp_path );
            }
            else {    # the file didn't exist so lets get it
                rulefetch( $oinkcode, $rule_file, $temp_path, $base_url );
                if ( -f "$temp_path" . "$rule_file" && !$Hash ) {
                    $rule_digest = md5sum( $rule_file, $temp_path );
                }
            }

            # compare the online current md5 against the md5 of the rules file on the system
            compare_md5(
                $oinkcode, $rule_file, $temp_path,   $Hash,
                $base_url, $md5,       $rule_digest, $Distro,
                $arch,     $Snort,     $Sorules,     $ignore_files,
                $docs
            );
        }
    }
    # drop the SO stubs only when ET was the sole source, i.e. no VRT tarball was fetched
    undef $Sostubs if ( $isET && !$isVRT );

Original comment by pktho...@gmail.com on 5 Nov 2010 at 4:44
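
The decision the fix above makes can be checked in isolation. The following is an added example, not pulledpork's own code and not part of the thread: it parses rule_url entries in pulledpork's "base_url|rule_file|oinkcode" form with the same snort.org / emergingthreats.net checks as the proposed patch, then reports whether SO stubs would be kept for three constructed configs (VRT only, ET only, VRT + ET). The URLs and the oinkcode value are placeholders, and the "old behaviour" branch is an assumption modelled on the issue report (any ET entry disabled SO stubs), since the pre-fix code is not shown on this page.

```perl
#!/usr/bin/perl
# Added example (not pulledpork's own code): classify rule_url entries the way
# the proposed fix does and decide whether SO stubs should be generated.
use strict;
use warnings;

# Classify one rule_url entry of the form "base_url|rule_file|oinkcode".
# Returns a hashref with is_vrt / is_et flags, mirroring the fix's regexes.
sub classify_rule_url {
    my ($entry) = @_;
    my ( $base_url, $rule_file, $oinkcode ) = split /\|/, $entry;
    die "rule_url entry '$entry' is missing base_url, rule_file or oinkcode\n"
      unless defined $base_url && defined $rule_file && defined $oinkcode;
    return {
        base_url => $base_url,
        is_vrt   => ( $base_url =~ /snort\.org/i )          ? 1 : 0,
        is_et    => ( $base_url =~ /emergingthreats\.net/ ) ? 1 : 0,
    };
}

# Decide whether the SO stub file should be generated for a list of entries.
# $old_behaviour => 1 models the pre-fix logic as described in the issue
# (any ET entry disables SO stubs); this is an assumption, the pre-fix code
# is not on the page. The fixed logic only drops stubs when no VRT feed exists.
sub keep_so_stubs {
    my ( $entries, $old_behaviour ) = @_;
    my ( $is_vrt, $is_et ) = ( 0, 0 );
    for my $entry (@$entries) {
        my $c = classify_rule_url($entry);
        $is_vrt = 1 if $c->{is_vrt};
        $is_et  = 1 if $c->{is_et};
    }
    return $old_behaviour
      ? ( $is_et ? 0 : 1 )
      : ( ( $is_et && !$is_vrt ) ? 0 : 1 );
}

# Constructed sample configs; URLs and the OINKCODE value are placeholders.
my %configs = (
    'VRT only' => ['https://www.snort.org/reg-rules/|snortrules-snapshot-2861.tar.gz|OINKCODE'],
    'ET only'  => ['http://rules.emergingthreats.net/|emerging.rules.tar.gz|open'],
    'VRT + ET' => [
        'https://www.snort.org/reg-rules/|snortrules-snapshot-2861.tar.gz|OINKCODE',
        'http://rules.emergingthreats.net/|emerging.rules.tar.gz|open',
    ],
);

for my $name ( sort keys %configs ) {
    printf "%-9s  old: %-8s  fixed: %s\n", $name,
      keep_so_stubs( $configs{$name}, 1 ) ? 'stubs' : 'no stubs',
      keep_so_stubs( $configs{$name}, 0 ) ? 'stubs' : 'no stubs';
}
```

Run it with `perl so_stubs_check.pl` (any filename). The "VRT + ET" row is the case reported in this issue: the old rule drops the stubs because an ET entry is present, while the fixed rule keeps them because a VRT tarball is still fetched.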

GoogleCodeExporter commented 9 years ago
Fixed - rev#174

Original comment by Cummin...@gmail.com on 8 Nov 2010 at 4:59

GoogleCodeExporter commented 9 years ago
You might consider a new release to get this fix pushed out to users. VRT + ET-Open is still a fairly common config and I burned some time troubleshooting this problem before finding this bug and realizing that I needed to upgrade to the latest trunk.

Original comment by mikeloc...@gmail.com on 16 Dec 2010 at 11:35