Hogwash, Snort, Puresecure help

["Nick Duda" <nduda () VistaPrint com>]

Hey everyone, 
 
Does anyone have experience getting hogwash to drop packets that contain traffic on port 25 (email specifically) 
containing certain text? I have a snort /puresecrue ids system working great spanning a port where the external T1 
comes in. I want to drop traffic at that point using hogwash. I haven't been all that successful . Hogwash doesn't have 
much documentation. 

Thanks in advance,

Nick Duda, CCSA, Security+
Systems Administrator

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------