@filippo_carletti you said in here this:
The trojan category should NOT be set to Block.
However here you suggest me to use a setup that blocks ET-emerging-trojan. I was struggling because after I enabled Suricata with your configuration, I was unable to connect to community.nethserver.org (159.65.189.64). Using dig community.nethserver.org I got this ip 159.65.189.64 and using Evebox I found a DROP on that ip falling into ET TROJAN [PTsecurity] pkt checker 0 signature. I gonna follow your advice about not setting as BLOCK the Trojan Category, but this event got my attention anyway. How can I be sure this is just a false positive, and how can I report it?