AW: [Snort-devel] spp_unidecode false alert reduction
Sandro.Poppi at ...1204...
Tue May 28 07:42:06 EDT 2002
Thanks for your answer.
If I understood you right I have 2 choices:
Either use snort 1.9.x and http_decode or stay at 1.8.x and live with those
alerts of unidecode, since according to the comments in your shipped
snort.conf unidecode's use is recommended instead of http_decode in 1.8.x.
> > Hi there,
> > I would like to discuss some changes in spp_unidecode to reduce false
> > positives.
> unidecode is being deprecated in favor of the newer http decoder. I
> still need to document the options for it but check out the top of
> the HEAD branch's http decoder for more info :-)
> Chris Green <cmg at ...402...>
> A good pun is its own reword.