rules/files: remove invalid examples

Match on hash can't be used with filestore.
OISF · Jan 23, 2025 · 75664ef · 75664ef
1 parent 25eeaca
commit 75664ef
Showing 1 changed file with 0 additions and 5 deletions.
diff --git a/rules/files.rules b/rules/files.rules
@@ -46,11 +46,6 @@
 # Alert and store files over SMTP
 #alert smtp any any -> any any (msg:"File Found over SMTP and stored"; filestore; sid:27; rev:1;)
 
-# Alert and store files from black list checksum: md5 or sha1 or sha256
-#alert http any any -> any any (msg:"Black list checksum match and extract MD5"; filemd5:fileextraction-chksum.list; filestore; sid:28; rev:1;)
-#alert http any any -> any any (msg:"Black list checksum match and extract SHA1"; filesha1:fileextraction-chksum.list; filestore; sid:29; rev:1;)
-#alert http any any -> any any (msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:30; rev:1;)
-
 # Alert and store files over FTP
 #alert ftp-data any any -> any any (msg:"File Found within FTP and stored"; filestore; filename:"password"; ftpdata_command:stor; sid:31; rev:1;)