Actions define what to do if a signature matches. Currently, there is only one
action defined: event
string raises a signature_match
event. The event handler has the following type:
event signature_match(state: signature_state, msg: string, data: string)
See \f{fig:signature-state} for a description of signature_state
. The given string
is passed as msg
, and data is the current part of the payload that
has eventually lead to the signature match (this may be empty for signatures without
content conditions).