[sniffer] Re: Updated getRuleBase.cmd

2008-10-08 Thread Andy Schmidt
Hi,

Yes, recent Windows curl builds will convert between UTC and local time.

I was just caught off-guard that Sniffer is using an "external" datum which
is subject to wanted or unwanted manipulation for something as crucial as
determining the "file version" of the rule base? If (due to copying files
between servers) a sniffer file has a "bogus" file date, Sniffer would
actually rely on that and be thrown out of whack?

I would have expected that the SNF file was "self-contained" (e.g.,
contained an internal version id or timestamp) so that it was not subject to
outside interference.

Best Regards,
Andy

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Wednesday, October 08, 2008 1:30 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Updated getRuleBase.cmd

Hello Andy,

Wednesday, October 8, 2008, 12:52:59 PM, you wrote:

> Hi,
>
> After resolving the issues with UTC vs. local time (apparently the Sniffer
> service doesn't actually use a version identifier inside the SNF file, but
> relies on the Windows file date to determine what rulebase version is in
> place), here is the updated getRuleBase.cmd.

> 1. Get the latest CURL.EXE for Win 2000 or higher from
> http://curl.haxx.se/latest.cgi?curl=win32-nossl-sspi (don't use older builds
> to avoid timezone issues).

Does this resolve the timestamp issues you indicated in your previous
message?

SNF gets the timestamp from the file system using gmtime() of the
modification timestamp on the file. The same call is made in the SYNC server
software when the rulebase timestamp is provided to the SNF node for
comparison.

gmtime() provides the UTC time (used to be known as GMT) for any timestamp.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.

[sniffer] Re: Updated getRuleBase.cmd

2008-10-08 Thread Pete McNeil

Hello Andy,

Wednesday, October 8, 2008, 12:52:59 PM, you wrote:

> Hi,
>
> After resolving the issues with UTC vs. local time (apparently the Sniffer service doesn’t actually use a version identifier inside the SNF file, but relies on the Windows file date to determine what rulebase version is in place), here is the updated getRuleBase.cmd.

> 1. Get the latest CURL.EXE for Win 2000 or higher from http://curl.haxx.se/latest.cgi?curl=win32-nossl-sspi (don’t use older builds to avoid timezone issues).

Does this resolve the timestamp issues you indicated in your previous message?

SNF gets the timestamp from the file system using gmtime() of the modification timestamp on the file. The same call is made in the SYNC server software when the rulebase timestamp is provided to the SNF node for comparison.

gmtime() provides the UTC time (used to be known as GMT) for any timestamp.

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
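
The two points raised in this thread, shown as an added example that is not part of the original messages or of the Sniffer code: a stamp taken from a file's modification time with gmtime() is the same in every time zone, yet changes whenever the file date is rewritten, even though the content is untouched. The function names, the YYYYMMDDhhmmss stamp layout and the sample file are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <utime.h>
#include <sys/stat.h>

/* Format a file's modification time as a UTC stamp (YYYYMMDDhhmmss).
   The layout is an assumption; the thread only says gmtime() is used. */
int mtime_utc_stamp(const char *path, char *out, size_t outlen) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    struct tm *utc = gmtime(&st.st_mtime);
    if (utc == NULL) return -1;
    return strftime(out, outlen, "%Y%m%d%H%M%S", utc) ? 0 : -1;
}

/* Overwrite the file's mtime, as a copy tool or restore job might. */
int set_mtime(const char *path, time_t when) {
    struct utimbuf ub = { when, when };
    return utime(path, &ub);
}

/* Write a constructed sample file, give it mtime `when`, then read the
   stamp back with the process time zone set to `tz`. */
int stamp_under_tz(const char *path, time_t when, const char *tz,
                   char *out, size_t outlen) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs("constructed sample rulebase bytes\n", f);  /* same content each time */
    fclose(f);
    if (set_mtime(path, when) != 0) return -1;
    setenv("TZ", tz, 1);
    tzset();
    int rc = mtime_utc_stamp(path, out, outlen);
    remove(path);
    return rc;
}

int main(void) {
    char a[32], b[32], c[32];
    time_t t = 1223487000;  /* 2008-10-08 17:30:00 UTC */
    stamp_under_tz("sample.snf", t, "UTC", a, sizeof a);
    stamp_under_tz("sample.snf", t, "EST5EDT", b, sizeof b);      /* same stamp */
    stamp_under_tz("sample.snf", t + 86400, "UTC", c, sizeof c);  /* date rewritten */
    printf("UTC zone : %s\nEastern  : %s\nmtime+1d : %s\n", a, b, c);
    return 0;
}
```

The first two stamps match because gmtime() ignores the local zone; the third differs although the file bytes are identical, which is the dependence on the file date discussed above.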


