[Owasp-modsecurity-core-rule-set] Stop particular alert
Dimitri Yioulos
dyioulos at onpointfc.com
Wed Oct 19 12:50:57 EDT 2011
All,

It's a bit embarrassing that I can't figure out how to stop this
particular alert, but I don't know how. Here's the situation:

I have Sophos anti-virus installed on some of my Linux boxes. I
keep getting Ossec alerts like the following:

2011 Oct 19 11:21:59 Rule Id: 1002 level: 2
Location: (plymouth) 192.168.1.2->/var/log/messages
Unknown problem somewhere in the system.
Oct 19 11:21:59 plymouth savd: savscan.log: On-demand scan
details: master boot records scanned: 0, boot records scanned: 0,
files scanned: 3, scan errors: 0, viruses detected: 0, infected
files detected: 0

Obviously, I don't want this event to alert. What do I have to do
in Ossec to prevent this specific alert?

Many thanks.

Dimitri