Home page logo
/

snort logo Snort mailing list archives

False Positives on 1:17246
From: "Christopher A. Libby" <clibby () mainepublicservice com>
Date: Thu, 14 Oct 2010 09:54:04 -0400

Looks like there are a lot of false positives being generated on SPECIFIC-THREATS Multiple vendor Antivirus magic byte 
detection evasion attempt.  I haven't had time to review the rule itself to see if I can figure out what the issue is 
exactly - I can supply data if needed.

Also - does anyone have a script that could extract the full details of the even from the Snorby database?  I have a 
hard time providing data using the web-based export methods, as it doesn't contain all the information.  Thanks!

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault