[Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity

Joel Esler (jesler) jesler at ...589...
Fri Apr 11 14:52:02 EDT 2014

This is probably because your classification.config is in a place where the snort.conf can’t find it.

On Apr 11, 2014, at 2:16 PM, Rameez Qureshi <rameez_q at ...16117...<mailto:rameez_q at ...16117...>> wrote:

That clears things up, I have went to the blacklist rule

I'm not sure as to why is throwing up that error and when commenting out one rule and going onto the next gives me the same error

I have taken out the malware rules as I'm simply using snort for its detection of malicious attacks in the form of scanning or attacks with metasploit


Sent from my iPhone

On 11 Apr 2014, at 07:01 PM, "Nicholas Mavis (nmavis)" <nmavis at ...589...<mailto:nmavis at ...589...>> wrote:

The error points to line 22 in your blacklist.rules file not your snort.conf. See the following error message you provided:

ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity


From: Rameez Qureshi <rameez_q at ...16117...<mailto:rameez_q at ...16117...>>
Date: Friday, April 11, 2014 at 1:39 PM
To: "snort-users at lists.sourceforge.net<mailto:snort-users at ...5870....net>" <snort-users at lists.sourceforge.net<mailto:snort-users at ...2987...rge.net>>
Subject: [Snort-users] ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity


I still seem to be getting problems and cant seem to find an answer for the following erorr:

Initializing rule chains...
ERROR: ../rules/blacklist.rules(22) Unknown ClassType: trojan-activity
Fatal Error, Quitting..

I have no whitelist/blacklist rules added and found answers online pointing to possible problems with my classification.config and reference.config however I havent touched these files and dont know why its giving this error

The error which points to line 22 is the following in the snort.conf:
#     test mode -T you are required to supply an interface -i <interface>
#     or test mode will fail to fully validate the configuration and
#     exit with a FATAL error

I have ran snort in this mode with the following command: root at ...11994...:/usr/src# snort -T -i -c snort.conf

I have attached my snort.conf

Any help is greatly appreciated

Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/7170617d/attachment.html>

More information about the Snort-users mailing list