Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unknown Class Type.

From: Dionne Queen via Snort-users <snort-users () lists sourceforge net>
Date: Sat, 10 Jun 2017 04:10:48 +0000 (UTC)
I was  able to run Snort alerts with no problems last week. However, when I tried to run one of the rules from the 
categories, I keep getting the message "Unknown Class type: trojan-activity"
This is the alert I was trying to run and test:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLACKLIST User-Agent known malicious user agent - malware"; 
flow:to_server,established; content:"malware"; fast_pattern:only; http_header; 
pcre:"/^User-Agent\x3A[^\r\n]*malware/miH"; metadata:policy balanced-ips drop, policy security-ips drop, service http; 
reference:url,www.virustotal.com/analisis/c55e2acfed1996ddbd17ddd4cba57530dd34c207be9f9b327fa3fdbb10cdaa7c-1270750352; 
classtype:trojan-activity; sid:16551; rev:8;)

How do I get this message to go away so I can test one of the rule categories?
Thanks.
ddd1236 () yahoo com
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: