[Snort-sigs] Why not the otherway around??
bmc at ...95...
Wed Oct 17 16:52:14 EDT 2001
According to Chris Green:
> To lower this type of false positive rate, I have thought about
> creating something like "passcontent: admin_cmd.exe" that would work
> after a rule is going to be decalred successful and work at a certain
use the following
That should work. (If I remember correctly)
More information about the Snort-sigs