--- /usr/local/pkg/snort/snort_check_for_rule_updates.php.bak	2021-04-16 09:48:14.273183000 +0200
+++ /usr/local/pkg/snort/snort_check_for_rule_updates.php	2021-04-16 09:57:55.130229000 +0200
@@ -434,6 +434,9 @@
 $last_curl_error = "";
 $update_errors = false;
 
+/* Store the Snort running state before we starting doing things. So we can use it the determine if we should restart the services even when it has crashed due to the update process. */
+$snort_running = is_service_running("snort");
+
 /*  Check for and download any new Snort Subscriber Rules sigs */
 if ($snortdownload == 'on') {
 	if (snort_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}?oinkcode={$oinkid}", "{$tmpfname}/{$snort_filename_md5}", "Snort Subscriber rules")) {
@@ -833,7 +836,7 @@
 	$rebuild_rules = false;
 
 	/* Restart snort if running, and not in post-install, so as to pick up the new rules. */
-       	if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
+       	if (!$g['snort_postinstall'] && $snort_running && count($config['installedpackages']['snortglobal']['rule']) > 0) {
 		snort_update_status(gettext('Restarting Snort to activate the new set of rules...'));
 		error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		touch("{$g['varrun_path']}/snort_pkg_starting.lck");
@@ -850,7 +853,7 @@
 	/* Only updated OpenAppID detectors, so do not need to rebuild all interface rules.   */
 	/* Restart snort if running, and not in post-install, so as to pick up the detectors. */
 	/**************************************************************************************/
-       	if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
+       	if (!$g['snort_postinstall'] && $snort_running && count($config['installedpackages']['snortglobal']['rule']) > 0) {
 		snort_update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...'));
 		error_log(gettext("\tRestarting Snort to activate the new OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE);
 		touch("{$g['varrun_path']}/snort_pkg_starting.lck");