Alert help, web-client 3ivx MP4 file parsing cmt buffer overflow attempt

["Jefferson, Shawn" <Shawn.Jefferson () bcferries com>]

I had an alert triggered today, WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (1:13318), and I'm 
thinking this is a false positive.  The snort page for the alert doesn't list any known false positives.

Some of the payload info:

HTTP/1.1 200 OK
Date: Wed, 25 Mar 2009 20:51:54 GMT
Server: Apache/1.3.41.fb2
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="HONK"
Set-Cookie: made_write_conn=1238014314; path=/; domain=.facebook.com
Set-Cookie: cur_max_lag=3; path=/; domain=.facebook.com; httponly
X-Cnection: close
Transfer-Encoding: chunked
Content-Type: application/x-javascript; charset=utf-8
Content-Encoding: gzip

The reason I think it may be a false positive, is the fact that this appears to be a javascript, and is gzipped (??).  
I've seen other alerts triggered by JPEGs, and I've always assumed they were false positives, but I wanted to run it by 
all you because I could be missing something!

Also, if this is a false positive, how do I go about helping fill out the snort alert DB on the website?

Thanks,
Shawn

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users