Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

How to disable ALL rules except MALWARE-CNC #140

Status: Closed (closed by GoogleCodeExporter 9 years ago)

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. I would like to disable ALL signatures except the ones that are part of the MALWARE-CNC

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
Centos 6.4 x86_64 and pulledpork 0.7.0

Please provide any additional information below.
As a test, in my disablesid.conf I have FILE-PDF, but nothing happens.

perl pulledpork.pl -c ./etc/pulledpork.conf -i ./etc/disablesid.conf -T -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug ./etc/pulledpork.conf
    snort_version = 2.9.5
    IPRVersion = /etc/snort/rules/iplists
    disablesid = /home/mbaki/Downloads/pulledpork-read-only/etc/disablesid.conf
    distro = Centos-6-4
    ignore = deleted,experimental,local,decoder,preprocessor,sensitive-data
    rule_path = /etc/snort/rules/snort.rules
    sid_msg = /etc/snort/sid-msg.map
    ips_policy = balanced
    snort_path = /usr/local/bin/snort
    temp_path = /tmp
    enablesid = /home/mbaki/Downloads/pulledpork-read-only/enablesid.conf
    black_list = /etc/snort/rules/default.blacklist
    version = 0.7.0
    sid_changelog = /var/log/sid_changes.log
    sid_msg_version = 2
    config_path = /etc/snort/snort.conf
    local_rules = /etc/snort/rules/local.rules
    rule_url = ARRAY(0x2338918)
    state_order = enable,drop,disable
    sorule_path = /usr/local/lib/snort_dynamicrules/
MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Config Path is: ./etc/pulledpork.conf
    Distro Def is: Centos-6-4
    balanced policy specified
    local.rules path is: /etc/snort/rules/local.rules
    Rules file is: /etc/snort/rules/snort.rules
    Path to disablesid file: ./etc/disablesid.conf
    Path to enablesid file: /home/mbaki/Downloads/pulledpork-read-only/enablesid.conf
    sid changes will be logged to: /var/log/sid_changes.log
    sid-msg.map Output Path is: /etc/snort/sid-msg.map
    Snort Version is: 2.9.5
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/local/bin/snort
    Text Rules only Flag is Set
    Extra Verbose Flag is Set
    Verbose Flag is Set
    Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2953.tar.gz|cc3572c8fbfd971e5d265ccf548f76b84f874e37
Checking latest MD5 for snortrules-snapshot-2953.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2953.tar.gz.md5
    GET https://www.snort.org/reg-rules/snortrules-snapshot-2953.tar.gz.md5/cc3572c8fbfd971e5d265ccf548f76b84f874e37 ==> 200 OK (1s)
    most recent rules file digest: bb988edc02ca6076b5474abbe8a07563
    current local rules file digest: bb988edc02ca6076b5474abbe8a07563
    The MD5 for snortrules-snapshot-2953.tar.gz matched bb988edc02ca6076b5474abbe8a07563

Cleanup....
    removed 0 temporary snort files or directories from /tmp/tha_rules!
Writing /var/log/sid_changes.log....
    Done

No Rule Changes

No IP Blacklist Changes

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

Thanks


Original issue reported on code.google.com by `monahb...@gmail.com` on 20 Sep 2013 at 6:10
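The run pasted above never reaches the rule-processing stage: the MD5 of snortrules-snapshot-2953.tar.gz matches the local copy, pulledpork goes straight to "Cleanup" and reports "No Rule Changes", so the disablesid.conf entry is never applied to anything (pulledpork has a -P option, "process rules even if no new rules were downloaded", for exactly this case; confirm with pulledpork.pl -h on the installed copy). Independently of how pulledpork's enablesid/disablesid and state_order are set up, the effect the reporter wants can also be produced by post-processing the consolidated file that pulledpork writes (rule_path = /etc/snort/rules/snort.rules above). The script below is an added example written for this page, not pulledpork's code and not from the reporter; it assumes the one-rule-per-line snort.rules layout with the category as the first word of each rule's msg, and it runs on a constructed four-rule sample (the sids, messages and content strings are made up). It also handles the caveat a practitioner hits when turning everything else off: a MALWARE-CNC rule that tests a flowbit with `flowbits:isset` can only fire if the rule that sets that bit is still enabled, so setters that a kept rule depends on are kept enabled even when they belong to another category.

```python
"""Disable every rule in a consolidated Snort 2.9 rules file except one category.

Added example for this page, not pulledpork's own code. Assumes the
one-rule-per-line snort.rules layout that pulledpork writes, with the
category as the first word of each rule's msg (e.g. "MALWARE-CNC ...").
Rules outside the kept category stay enabled only when a kept rule
depends on a flowbit they set; disabling such a setter would leave the
MALWARE-CNC rule that checks the bit unable to fire.
"""
import re
import sys

RULE_RE = re.compile(
    r'^\s*(?P<off>#\s*)?(?P<body>(?:alert|drop|pass|log|reject|sdrop)\s.*\)\s*)$')
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
FLOWBITS_RE = re.compile(r'flowbits\s*:\s*([^;]+);')
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}

# Constructed sample, not real Snort rules; sids are in the local range.
SAMPLE = """\
# constructed sample, not real Snort rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Example.Trojan outbound beacon"; flow:to_server,established; content:"/beacon"; http_uri; flowbits:isset,example.stage1; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"FILE-PDF Example stage1 download"; flow:to_client,established; file_data; content:"%PDF-"; flowbits:set,example.stage1; flowbits:noalert; sid:9000002; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"MALWARE-CNC Example.Bot checkin"; flow:to_server,established; content:"checkin"; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SERVER-WEBAPP Example exploit attempt"; flow:to_server,established; content:"/cgi-bin/x"; sid:9000004; rev:1;)
"""


def parse_rule(line):
    """Return (body, msg, sid, sets, checks) for a rule line, else None.

    body is the rule with any leading '#' removed; sets/checks are the
    flowbit names the rule sets (set/setx/toggle) or tests (isset/isnotset).
    """
    m = RULE_RE.match(line)
    if not m:
        return None
    body = m.group("body").rstrip()
    msg_m = MSG_RE.search(body)
    sid_m = SID_RE.search(body)
    msg = msg_m.group(1) if msg_m else ""
    sid = int(sid_m.group(1)) if sid_m else None
    sets, checks = set(), set()
    for opts in FLOWBITS_RE.findall(body):
        parts = [p.strip() for p in opts.split(",")]
        op = parts[0].lower()
        # parts[1] is the bit name(s), possibly "a&b" or "a|b"; parts[2] would be a group
        names = set(re.split(r"[&|]", parts[1])) - {""} if len(parts) > 1 else set()
        if op in SETTERS:
            sets |= names
        elif op in CHECKERS:
            checks |= names
    return body, msg, sid, sets, checks


def filter_rules(lines, keep_prefix="MALWARE-CNC"):
    """Return (new_lines, kept_sids).

    Rules whose msg starts with keep_prefix are enabled (uncommented if
    needed); rules they need through flowbits, transitively, stay enabled;
    every other rule is commented out. Non-rule lines pass through as-is.
    """
    parsed = [parse_rule(line) for line in lines]
    keep = {i for i, p in enumerate(parsed) if p and p[1].startswith(keep_prefix + " ")}
    setters_of = {}
    for i, p in enumerate(parsed):
        if p:
            for name in p[3]:
                setters_of.setdefault(name, set()).add(i)
    # Transitive closure: a kept rule that checks bit X needs every setter of X.
    todo = list(keep)
    while todo:
        i = todo.pop()
        for name in parsed[i][4]:
            for j in setters_of.get(name, ()):
                if j not in keep:
                    keep.add(j)
                    todo.append(j)
    out = []
    for i, (line, p) in enumerate(zip(lines, parsed)):
        if p is None:
            out.append(line)
        elif i in keep:
            out.append(p[0])
        else:
            out.append("# " + p[0])
    kept_sids = sorted(parsed[i][2] for i in keep if parsed[i][2] is not None)
    return out, kept_sids


if __name__ == "__main__":
    # Usage: python only_cnc.py [/etc/snort/rules/snort.rules] > snort.rules.new
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    new_lines, kept = filter_rules(text.splitlines())
    sys.stdout.write("\n".join(new_lines) + "\n")
    sys.stderr.write("kept %d rules: %s\n" % (len(kept), kept))
```

On the constructed sample the two MALWARE-CNC rules end up enabled (including the one that was commented out), the FILE-PDF rule survives only because it sets the flowbit the first MALWARE-CNC rule tests, and the SERVER-WEBAPP rule is commented out. Run it on a real snort.rules after pulledpork has finished, write the output to a new file, and check it with snort -T before swapping it in; note that a script like this runs after pulledpork, so it must be re-run after every rule update.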
GoogleCodeExporter commented 9 years ago
This is not a valid bug but rather a request for assistance.  Please address 
questions such as this to the snort-users mailing list or pulled-pork google 
group that can be found at: http://groups.google.com/group/pulledpork-users

Original comment by Cummin...@gmail.com on 20 Sep 2013 at 7:23