[Intrusions] Assessing Your Malware Exposure with Snort

Brian bmc at snort.org
Fri Mar 11 19:25:23 GMT 2005


On Thu, Mar 10, 2005 at 04:21:27PM -0500, Matt Jonkman wrote:
> I had started to combine these rules into multi-condition pcre. Making 
> one rule out of 30 or 40 original single domain rules. And I can't 
> remember where the heck I put them now or I'd link to them for you.
> 
> So my question is, will this be more efficient in a single domain match 
> per rule, or multiple?

Not sure.  Depends on how much overlap there is in the regexp.  You
should benchmark it and see.

Brian


