Does anyone know what signature 7304 triggers on?
Certain signatures have hidden/encrypted parameters because we have an obligation to protect information disclosed to us. Yes, it has to be that way.
The signature which started this thread, was in fact 7304-1, which is retired and disabled by default. It's for a specific file, and this was in fact a false positive. A revised signature (7304-1) should be out in the next couple releases.
The preferred method to resolve these issues, would be to open a TAC case and if they need assitance, they engage us. Sometimes we'll pick these up off the forum, bandwidth providing.
Its helpful to provide alert output - preferably with "verbose alert" enabled - for the signature in question, and any other relevant information.