GUARD_STATE=on
ORDER=ascending
COMMENT=
ENABLE_GUARD=on
GIDS=116,122,126
PRI3_TIME_QTY=6
PRI1_TIME_QTY=7
MAX_PRIOR=2
PRI2_TIME_QTY=3
MIN_PRIOR=1
PRI4_TIME_QTY=1
MT_PRIOR=no
TIME_QTY=2
FORCE_LOG=yes
TIME_LIMIT=days
COLUMN=3
PRI3_TIME_LIMIT=hrs
PRI4_TIME_LIMIT=hrs
IP=
SIDS='1:2015561,# we allow dropbox user content access,1:2017015,# ignore this signature for now,1:400000006,# we can't do anything about the following amplification attacks. the sources we see are spoofed and are actually the target of the attack.,# dns amplification,1:2016016,# SSDP amplification,1:2019102,# ignore 2000419 - PE EXE flowbit setter,1:2000419,# ignore 2000418 - ELF flowbit setter,1:2000418,1:2008438,# executable from amazon,1:2013414,# torrents,1:2011706,1:2012247,1:2014734,#blackhole,1:2014976,##,# can't dl mysql...,1:13824,3:13824,# FP from hustlerturf.com,1:17390,##,1:17131,#,1:15362,1:13319,1:13320,#,1:16377,#,# telnet in web page,1:19669,#,# cookiejacking??,1:19177,#,# mozcom-cdn FP,1:12633,#,1:2012046,# weird powerpoint blockage,3:16413,# outlook command,3:13573,# IE XHTML memory thing,1:13974,3:13974,# PCRE double-free,1:12286,# ignore 15306 to allow PE,# binaries to download,#1:15306,# ignore 16425 to allow PE,# binaries to upload,#1:16425,# ignore 2008576 to allow,# TinyPE binaries to download,1:2008576,# stupid 5712,1:5712,# stupid 11267,1:11267,# ignore antivirus magic byte evasion,1:17276,# possible malicious strings,1:2012205,# fp on msi file - tsvn,1:2012684,# QT ActiveX,1:8375,# WMP ActiveX,1:4156,#,1:2000334,1:2000357,1:2000369,1:2000536,1:2000537,1:2000538,1:2000540,1:2000543,1:2000544,1:2000545,1:2000546,1:2007727,1:2008581,1:2008582,1:2008583,1:2008584,1:2008585,1:2009582,1:2009583,1:2009584'
PRI2_TIME_LIMIT=days
LOG_LVL=7
PRI1_TIME_LIMIT=days