[Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Rameez Qureshi rameez_q at ...16117...
Fri Apr 11 14:16:59 EDT 2014


That clears things up, I have went to the blacklist rule 

I'm not sure as to why is throwing up that error and when commenting out one rule and going onto the next gives me the same error

I have taken out the malware rules as I'm simply using snort for its detection of malicious attacks in the form of scanning or attacks with metasploit 

Thanks
Rameez 


Sent from my iPhone

On 11 Apr 2014, at 07:01 PM, "Nicholas Mavis (nmavis)" <nmavis at ...589...> wrote:

> The error points to line 22 in your blacklist.rules file not your snort.conf. See the following error message you provided:
> 
> ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
> 
> Nick
> 
> From: Rameez Qureshi <rameez_q at ...16117...>
> Date: Friday, April 11, 2014 at 1:39 PM
> To: "snort-users at lists.sourceforge.net" <snort-users at ...3893...t>
> Subject: [Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
> 
> Hello
> 
> I still seem to be getting problems and cant seem to find an answer for the following erorr:
> 
> Initializing rule chains...
> ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
> Fatal Error, Quitting..
> 
> I have no whitelist/blacklist rules added and found answers online pointing to possible problems with my classification.config and reference.config however I havent touched these files and dont know why its giving this error
> 
> The error which points to line 22 is the following in the snort.conf:
> #     test mode -T you are required to supply an interface -i <interface>
> #     or test mode will fail to fully validate the configuration and
> #     exit with a FATAL error
> 
> I have ran snort in this mode with the following command: root at ...16775....:/usr/src# snort -T -i 192.168.0.10 -c snort.conf
> 
> I have attached my snort.conf
> 
> Any help is greatly appreciated
> 
> Thanks
> Rameez
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/8cb82127/attachment.html>


More information about the Snort-users mailing list