Martin Sapsed m.sapsed at BANGOR.AC.UK
Fri Jan 23 09:23:38 GMT 2004

Me again!

Martin Sapsed wrote:
> Randal, Phil wrote:
>> It looks very effective so far.  The chickenpox rules give me more
>> problems with false positives, so I may have to lower the scores on those.
> I took a lot of = signs out of the chickenpox rules because I was
> getting quite a few false positives on e-mails to the Samba list - ones
> with smb.conf files pasted in!

and now I've taken it out altogether after some more FPs. At the moment
the local_WORDWORD_10 & 15 rules someone posted here (forgot who -
sorry!) are the most effective extra SA rules I'm using. A lot of the
stuff that BigEvil picks up either hits WORDWORD or DCC or both anyway.
The clever HABEAS_FORGERY rules do quite well too. BACKHAIR does ok but
often on messages that WORDWORD has picked up anyway.



Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth
