[Snort-users] False Positives on 1:17246
Christopher A. Libby
clibby at ...14973...
Thu Oct 14 09:54:04 EDT 2010
Looks like there are a lot of false positives being generated on SPECIFIC-THREATS Multiple vendor Antivirus magic byte detection evasion attempt. I haven't had time to review the rule itself to see if I can figure out what the issue is exactly - I can supply data if needed.
Also - does anyone have a script that could extract the full details of the event from the Snorby database? I have a hard time providing data using the web-based export methods, as it doesn't contain all the information. Thanks!