I confirm. I'm using ClearOS Home Edition, and since the last intrusion-prevention update no more IPs are banned; before that I had a lot of banned IPs.
A quick look in /etc/snort.d/rules/clearcenter: only one alert activates snortsam.
What I did:
cat /etc/snort.d/rules/clearcenter/*.rules | grep fwsam:
and this is what I get:
Every rule that normally should activate snortsam is missing the statement "fwsam: src, 1 day" at the end of the alert.
So please, Clearcenter, could you investigate?
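
Added example, not part of the original post and not ClearCenter's own code: a per-file audit of how many active alert rules carry an fwsam option and which ones lack it, so the effect of a rules update can be compared before and after. The function names are hypothetical, and it assumes one rule per line (no backslash continuations).

```shell
#!/bin/sh
# Hypothetical helpers for auditing Snort rule files for the snortsam option.

# audit_fwsam DIR
# For each *.rules file in DIR print: <file> <active alert rules> <rules with fwsam>
# Commented-out rules (leading '#') are not counted.
audit_fwsam() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            /^[ \t]*alert[ \t]/ {
                total++
                # fwsam counts only as a rule option: right after "(" or ";"
                if ($0 ~ /[(;][ \t]*fwsam[ \t]*:/) blocking++
            }
            END { printf "%s %d %d\n", name, total, blocking }
        ' "$f"
    done
}

# list_missing_fwsam DIR
# Print "<file>:<line> sid=<sid>" for every active alert rule without fwsam.
list_missing_fwsam() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            /^[ \t]*alert[ \t]/ && $0 !~ /[(;][ \t]*fwsam[ \t]*:/ {
                sid = "?"
                if (match($0, /sid[ \t]*:[ \t]*[0-9]+/)) {
                    sid = substr($0, RSTART, RLENGTH)
                    sub(/^sid[ \t]*:[ \t]*/, "", sid)
                }
                printf "%s:%d sid=%s\n", name, NR, sid
            }
        ' "$f"
    done
}

# Usage on the directory named in the post:
#   audit_fwsam /etc/snort.d/rules/clearcenter
#   list_missing_fwsam /etc/snort.d/rules/clearcenter
```

Not every alert rule is meant to trigger a block, so the second list is a starting point for comparison against a known-good copy of the rules, not a list of defects.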