# example enablesid.conf

# Example of modifying state for individual rules
# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010

# Example of modifying state for rule ranges
# 1:220-1:3264,3:13010-3:13013

# Comments are allowed in this file, and can also be on the same line
# As the modify state syntax, as long as it is a trailing comment
# 1:1011 # I Disabled this rule because I could!

# Example of modifying state for MS and cve rules, note the use of the : 
# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
# and all MS00 and all cve 2000 related sids!  These support regular expression
# matching only after you have specified what you are looking for, i.e. 
# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular
# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below)
# for this.
# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+

# Example of using the pcre: keyword to modify rulestate.  the pcre keyword 
# allows for full use of regular expression syntax, you do not need to designate
# with / and all pcre searches are treated as case insensitive. For more information 
# about regular expression syntax: http://www.regular-expressions.info/
# The following example modifies state for all MS07 through MS10 
# pcre:MS(0[7-9]|10)-\d+
# pcre:"Joomla"

# Example of modifying state for specific categories entirely.
# "snort_" limits to Snort VRT rules, "emerging-" limits to 
# Emerging Threats Open rules, "etpro-" limits to ET-PRO rules.
# "shellcode" with no prefix would match in any vendor set.
# snort_web-iis,emerging-shellcode,etpro-imap,shellcode

# Any of the above values can be on a single line or multiple lines, when 
# on a single line they simply need to be separated by a ,
# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233