Question about scoring with sanesecurity signatures
nmilas at noa.gr
Tue Oct 9 09:58:45 CEST 2012
On 5/9/2012 8:57 μμ, Noel Jones wrote:
> @virus_name_to_spam_score_maps =
> (new_RE( # the order matters!
> [ qr'^ScamNailer\.Phish' => 5.0 ], # phish scored at 5.
> [ qr'^ScamNailer\.' => 4.0 ], # others scored at 4.
Would it be possible to force scoring to 0.0 to effectively disable a
set of rules, like:
[ qr'^ScamNailer\.' => 0.0 ]
Also, are there any suggestions based on experience for such
sanesecurity score maps, aiming at eliminating (or reducing to a very
very low rate) false positives? We can stand some false negatives, but
it is very important to avoid false positives.
Any advice or reference would be appreciated.
More information about the amavis-users