[Snort-users] RE: Snort and creating new classtypes

Matthew Wagenknecht Matthew.Wagenknecht at ...6755...
Thu Aug 29 09:30:05 EDT 2002


Oh, yeah!! I also changed the rule file to reflect the classtype change..

:1,$s/misc-activity/virus/g

=c)

..:: Matt ::..  

		-----Original Message-----
		From: Matthew Wagenknecht 
		Sent: Thursday, August 29, 2002 10:11 AM
		To: 'snort-users at lists.sourceforge.net'
		Subject: Snort and creating new classtypes

		In the snort rules, a number of virus rules have
		misc-activity. I want to move all virus signatures to a new
		classtype called virus. I created a new line in
		classifications.config like the following::

		config classification: virus,Virus Detection,1

		However, when in ACID, it shows up under unclassified. Is
		there something else I need to do or is this an ACID issue?



		..:: Matt ::..  
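
An added example, not part of the original message: a check that every classtype named in a rules file has a matching ``config classification:`` line, which is worth running after a bulk substitution like the one in the reply. The sample config and rules are constructed and the function names are hypothetical; the check does not look at what ACID stores or displays.

```python
import re

# Matches lines such as: config classification: virus,Virus Detection,1
CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")
# Matches the classtype option inside a rule body, e.g. classtype:virus;
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;]+);")


def parse_classifications(text):
    """Return {short name: (description, priority)} from classification config text."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            classes[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return classes


def undefined_classtypes(config_text, rules_text):
    """Return [(line number, classtype)] for rules naming a class the config lacks."""
    known = parse_classifications(config_text)
    missing = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out rules
        for name in CLASSTYPE_RE.findall(line):
            if name.strip() not in known:
                missing.append((lineno, name.strip()))
    return missing


# Constructed sample inputs (not taken from any real rule set).
SAMPLE_CONFIG = """\
# constructed classification file
config classification: misc-activity,Misc activity,3
config classification: virus,Virus Detection,1
"""

SAMPLE_RULES = """\
alert tcp any any -> any 25 (msg:"constructed sample A"; classtype:virus; sid:1000001;)
# alert tcp any any -> any 25 (msg:"disabled"; classtype:gone; sid:1000002;)
alert tcp any any -> any 25 (msg:"constructed sample B"; classtype:viruses; sid:1000003;)
"""

if __name__ == "__main__":
    print(parse_classifications(SAMPLE_CONFIG))
    print(undefined_classtypes(SAMPLE_CONFIG, SAMPLE_RULES))
```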
