[Oinkmaster-users] commented out rules
Brought to you by:
andreas_o
From: <mai...@lo...> - 2009-06-22 22:13:27
|
I've been getting my updates from emergingthreats.net and everything has been working fine. Recently some in house apps started using a port that sets off a false positive worm alert. I went ahead and commented out the alert which resolved the false positive. Yesterday oinkmaster went out and garbed the new signature alerts and overwrote the ones I commented out. Now all the false positives are back. I went into the oinkmaster.conf file and added the sig ids to the disablesid line and it is still uncommenting the rule when it gets updated. How do I get oinkmaster to go out and update my rules, but not alter the rules I comment out or edit. Any help will be appreciated, Thanks |