[Snort-users] Unknown Class Type.

Dionne Queen ddd1236 at ...131...
Sat Jun 10 00:10:48 EDT 2017


I was able to run Snort alerts with no problems last week. However, when I tried to run one of the rules from the categories, I keep getting the message "Unknown Class type: trojan-activity".
This is the alert I was trying to run and test:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; flow:to_server,established; content:"malware"; fast_pattern:only; http_header; pcre:"/^User-Agent\x3A[^\r\n]*malware/miH"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/analisis/c55e2acfed1996ddbd17ddd4cba57530dd34c207be9f9b327fa3fdbb10cdaa7c-1270750352; classtype:trojan-activity; sid:16551; rev:8;)

How do I get this message to go away so I can test one of the rule categories?
Thanks.
ddd1236 at ...131...
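
Added example, not part of the original post and not Snort project code: Snort rejects a rule whose classtype has no matching "config classification:" entry loaded before the rule is parsed (normally from classification.config, included by snort.conf), so this check lists rule classtypes that lack one. The sample config lines, the second rule and all function names are constructed for illustration.

```python
import re

# Constructed excerpt in classification.config syntax:
#   config classification: <name>,<description>,<priority>
SAMPLE_CLASSIFICATION = """\
# trojan-activity is deliberately absent from this constructed sample
config classification: attempted-recon,Attempted Information Leak,2
config classification: misc-activity,Misc activity,3
"""

# First rule is the one quoted in the post; the second is constructed.
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; flow:to_server,established; content:"malware"; fast_pattern:only; http_header; pcre:"/^User-Agent\x3A[^\r\n]*malware/miH"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/analisis/c55e2acfed1996ddbd17ddd4cba57530dd34c207be9f9b327fa3fdbb10cdaa7c-1270750352; classtype:trojan-activity; sid:16551; rev:8;)
alert icmp any any -> $HOME_NET any (msg:"constructed test rule"; classtype:misc-activity; sid:1000001; rev:1;)
'''

CLASSIFICATION_RE = re.compile(r'^\s*config\s+classification:\s*([^,\s]+)\s*,', re.M)
CLASSTYPE_RE = re.compile(r'\bclasstype\s*:\s*([^;\s]+)\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def defined_classtypes(config_text):
    """Names declared by 'config classification:' lines (commented lines never match)."""
    return set(CLASSIFICATION_RE.findall(config_text))


def rule_classtypes(rules_text):
    """Yield (sid, classtype) for each non-comment rule line that sets a classtype."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue  # blank line or disabled rule
        ct = CLASSTYPE_RE.search(line)
        if ct:
            sid = SID_RE.search(line)
            yield (sid.group(1) if sid else '?', ct.group(1))


def undefined_classtypes(config_text, rules_text):
    """Rules whose classtype would trigger the 'Unknown ClassType' parse error."""
    known = defined_classtypes(config_text)
    return [(sid, ct) for sid, ct in rule_classtypes(rules_text) if ct not in known]


if __name__ == '__main__':
    for sid, ct in undefined_classtypes(SAMPLE_CLASSIFICATION, SAMPLE_RULES):
        print(f'sid {sid}: classtype "{ct}" has no config classification entry')
```

To use it on a real installation, read the contents of the classification.config and rules files that snort.conf actually includes and pass them in place of the samples.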

