[Snort-sigs] Bleeding Snort updates and a new ruleset

Matt Jonkman matt at ...2436...
Tue Dec 14 17:45:01 EST 2004

The custom ruleset we enabled a week or so ago was orogonally just a 
grep of all rules that had been disabled by default. The idea was to 
give folks a way to easily look at everything that's disabled and decide 
if they want to use it themselves. There was a lot of interest there, 
and some new rules that do need that consideration. So we're turning it 
into a real ruleset. That's done now. You'll need to add to your snort.conf:

include $RULE_PATH/bleeding-custom.rules

Unless you're just running the full ruleset. These will all be disabled 
by default. You can view what's there now at

We will be slowly moving more of the disabled rules there as we go. The 
goal being that every rule in other rulesets is active and safe to use 
by default. Anything that can't fit that criteria will move to the 
custom set where you'll have to take a look yourself.

You'll see a lot of junk in today's update, ignore most of it, that 
reflects the change here.

Feedback welcome as always.


More information about the Snort-sigs mailing list