Snort mailing list archives

RE: Snort and creating new classtypes

From: Matthew Wagenknecht <Matthew.Wagenknecht () quantum com>
Date: Thu, 29 Aug 2002 10:17:25 -0600

Oh, yeah!! I also changed the rule file to reflect the classtype change..

:1,$s/misc-activity/virus/g

=c)

..:: Matt ::..  

                -----Original Message-----
                From: Matthew Wagenknecht 
                Sent: Thursday, August 29, 2002 10:11 AM
                To: 'snort-users () lists sourceforge net'
                Subject: Snort and creating new classtypes

                In the snort rules, a number of virus rules have
misc-activity. I want to move all virus signatures to a new classtype called
virus. I created a new line in classifications.config like the following::

                config classification: virus,Virus Detection,1

                However when in ACID, it shows up under unclassified. Is
there something else I need to do or is this and ACID issue?



                ..:: Matt ::..

Current thread:

Snort and creating new classtypes Matthew Wagenknecht (Aug 29)
- <Possible follow-ups>
- RE: Snort and creating new classtypes Matthew Wagenknecht (Aug 29)
- Re: Snort and creating new classtypes Roman Danyliw (Sep 03)