[Snort-users] Fw: Unknown Class Type.

Dionne Queen ddd1236 at ...131...
Sat Jun 10 06:07:34 EDT 2017

     On Saturday, June 10, 2017 12:13 AM, Dionne Queen via Snort-users <snort-users at lists.sourceforge.net> wrote:

 I was  able to run Snort alerts with no problems last week. However, when I tried to run one of the rules from the categories, I keep getting the message "Unknown Class type: trojan-activity"
This is the alert I was trying to run and test:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; flow:to_server,established; content:"malware"; fast_pattern:only; http_header; pcre:"/^User-Agent\x3A[^\r\n]*malware/miH"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/analisis/c55e2acfed1996ddbd17ddd4cba57530dd34c207be9f9b327fa3fdbb10cdaa7c-1270750352; classtype:trojan-activity; sid:16551; rev:8;)

How do I get this message to go away so I can test one of the rule categories?
ddd1236 at ...131...
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list