[Snort-users] Klez false positive

Claudiu jones at ...3634...
Thu Jul 11 04:11:07 EDT 2002


Hi all,
I have active the last rule set from snort site and I am receiving a lot of Klez alerts which are false positive. The string "VGhpcyBwcm9" which Klez
rule is looking for is found, for example, in shokwaveinstaler.exe as well. Does anyone has a better rule? Thanks.





More information about the Snort-users mailing list