[Owasp-modsecurity-core-rule-set] Stop particular alert
dyioulos at onpointfc.com
Wed Oct 19 12:50:57 EDT 2011
It's a bit embarrassing that I can't figure out how to stop this
particular alert, but I don't know how. Here's the situation:
I have Sophos anti-virus installed on some of my Linux boxes. I
keep getting Ossec alerts like the following:
2011 Oct 19 11:21:59 Rule Id: 1002 level: 2
Location: (plymouth) 192.168.1.2->/var/log/messages
Unknown problem somewhere in the system.
Oct 19 11:21:59 plymouth savd: savscan.log: On-demand scan
details: master boot records scanned: 0, boot records scanned: 0,
files scanned: 3, scan errors: 0, viruses detected: 0, infected
files detected: 0
Obviously, I don't want this event to alert. What do I have to do
in Ossec to prevent this specific alert?
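
One way to silence the alert asked about above, as an added example that is not part of the original post: rule 1002 in the stock OSSEC ruleset is the generic catch-all for syslog lines containing words such as "error", which this line does in "scan errors: 0". The rule id 100100 and the match strings below are assumptions chosen for this example, and the rule ignores only clean scan summaries, so a scan reporting errors or detections still raises rule 1002.

```xml
<!-- Added to /var/ossec/rules/local_rules.xml on the OSSEC server
     (default install path; adjust if OSSEC lives elsewhere). -->
<group name="local,syslog,">

  <!-- Assumed id: 100100 is an arbitrary pick from the range reserved
       for local rules (100000 and up). Level 0 means "ignore". -->
  <rule id="100100" level="0">
    <!-- Only evaluated for events that already matched rule 1002. -->
    <if_sid>1002</if_sid>

    <!-- Syslog program name as pre-decoded from "plymouth savd:". -->
    <program_name>^savd</program_name>

    <!-- Fixed prefix of the Sophos on-demand scan summary line. -->
    <match>savscan.log: On-demand scan details: </match>

    <!-- Suppress only when every problem counter is zero. The trailing $
         keeps values such as "infected files detected: 05" from matching;
         a non-matching line falls through and alerts as before. -->
    <regex>scan errors: 0, viruses detected: 0, infected files detected: 0$</regex>

    <description>Sophos savd on-demand scan summary with no errors or detections (ignored).</description>
  </rule>

</group>
```

Paste the original log line into `/var/ossec/bin/ossec-logtest` to confirm it now resolves to the new rule at level 0, then restart OSSEC so the manager loads the change.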