Agreed, the alarm is a false positive, but the signature did fire as it was designed to do. This signature is a catch-all for something that is usually suspicious to see in HTTP requests. Unfortunately, there isn't really anything we can do to prevent this type of problem without the use of filters or disabling the alarm. Perhaps it might make sense, to create filters for any UNIX web servers in your network. Or, just disable it outright.