From 75664ef618528fcf56539bbaf125cc31279ed544 Mon Sep 17 00:00:00 2001
From: Eric Leblond <el@stamus-networks.com>
Date: Thu, 23 Jan 2025 23:19:51 +0100
Subject: [PATCH] rules/files: remove invalid examples

Match on hash can't be used with filestore.
---
 rules/files.rules | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/rules/files.rules b/rules/files.rules
index 90db915559c1..f678f5a47242 100644
--- a/rules/files.rules
+++ b/rules/files.rules
@@ -46,11 +46,6 @@
 # Alert and store files over SMTP
 #alert smtp any any -> any any (msg:"File Found over SMTP and stored"; filestore; sid:27; rev:1;)
 
-# Alert and store files from black list checksum: md5 or sha1 or sha256
-#alert http any any -> any any (msg:"Black list checksum match and extract MD5"; filemd5:fileextraction-chksum.list; filestore; sid:28; rev:1;)
-#alert http any any -> any any (msg:"Black list checksum match and extract SHA1"; filesha1:fileextraction-chksum.list; filestore; sid:29; rev:1;)
-#alert http any any -> any any (msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:30; rev:1;)
-
 # Alert and store files over FTP
 #alert ftp-data any any -> any any (msg:"File Found within FTP and stored"; filestore; filename:"password"; ftpdata_command:stor; sid:31; rev:1;)