Snort mailing list archives
False Positives on 1:17246
From: "Christopher A. Libby" <clibby () mainepublicservice com>
Date: Thu, 14 Oct 2010 09:54:04 -0400
Looks like there are a lot of false positives being generated on SPECIFIC-THREATS Multiple vendor Antivirus magic byte detection evasion attempt. I haven't had time to review the rule itself to see if I can figure out what the issue is exactly - I can supply data if needed. Also - does anyone have a script that could extract the full details of the event from the Snorby database? I have a hard time providing data using the web-based export methods, as it doesn't contain all the information. Thanks!
Current thread:
- False Positives on 1:17246 Christopher A. Libby (Oct 14)
- Re: False Positives on 1:17246 Josh Little (Oct 14)
- Re: False Positives on 1:17246 Nigel Houghton (Oct 14)
- Re: False Positives on 1:17246 Josh Little (Oct 14)