scirius
ETOpen Ruleset contains files, which is not found in source
I've spotted the category files in the ETOpen Ruleset. However once I go to the source, click edit, download the tar file from the source itself (https://rules.emergingthreats.net/open/suricata-3.0/emerging.rules.tar.gz) there is no rule file named 'files' inside the tar with the name files.rules
When I open the category files it says the filename is at: rules/files.rules
So the question is where it is getting files.rules from, it's there, but it is not found in the source.
I think it is from here - https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/show/rules Suricata's sources. We need to update those though.
Can you please open a separate ticket for the missing ones?
How can it download the rules from https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/show/rules when the source target is set to https://rules.emergingthreats.net/open/suricata-3.0/emerging.rules.tar.gz ?
@Eagleman7 indeed, it is not in the archive. Could you post a screenshot of the page showing the category?
http://i.imgur.com/YoM9zRQ.png
It seems to be originating from the Amsterdam installation, I exported the backup from there into my new installation. Should it remove categories when they don't exist in the source?
If not, is it possible to do this myself? It's only possible to enable or disable a category.
I tested this by making a new source with the same link (https://rules.emergingthreats.net/open/suricata-3.0/emerging.rules.tar.gz), then the files category did not exist.
OK, maybe I should just update the code to delete a category if it is not present anymore.
That would be one of the solutions, what happens if a specific rule doesn't exist anymore, does scirius delete the rule?
Yes, it gets deleted.
Makes sense to do the same for unused categories then as well.
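
The check discussed in this thread, as an added example that is not part of the original discussion and is not scirius code: compare the categories a ruleset manager has stored against the `.rules` files actually shipped in the source archive, and report the ones that no longer exist there. The function names, the `STORED` mapping and the in-memory archive are constructed for illustration; only the `rules/files.rules` path comes from the report above.

```python
import io
import tarfile
from pathlib import PurePosixPath


def categories_in_archive(fileobj):
    """Return {category name: member path} for every *.rules file in a rules tarball."""
    found = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            path = PurePosixPath(member.name)
            # Only regular files count; directories and links are not rule files.
            if member.isfile() and path.suffix == ".rules":
                found[path.stem] = member.name
    return found


def stale_categories(stored, fileobj):
    """Stored categories whose rule file is no longer shipped by the source."""
    present = set(categories_in_archive(fileobj).values())
    return sorted(name for name, filename in stored.items() if filename not in present)


def build_sample_archive():
    """Constructed stand-in for the source tarball, so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("rules/emerging-dns.rules", "rules/emerging-malware.rules"):
            data = b"# constructed placeholder rule file\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed state: categories as carried over from a restored backup (hypothetical).
STORED = {
    "emerging-dns": "rules/emerging-dns.rules",
    "emerging-malware": "rules/emerging-malware.rules",
    "files": "rules/files.rules",
}

if __name__ == "__main__":
    # Categories to prune because the source archive no longer provides them.
    print(stale_categories(STORED, build_sample_archive()))
```

Run against a real download of the source archive, the same comparison shows which categories in a restored backup are not backed by the configured source.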