Question about scoring with sanesecurity signatures

[Nikolaos Milas]

On 5/9/2012 8:57 μμ, Noel Jones wrote:

> @virus_name_to_spam_score_maps =
>    (new_RE(  # the order matters!
>      [ qr'^ScamNailer\.Phish'  => 5.0 ], # phish scored at 5.
>      [ qr'^ScamNailer\.'  => 4.0 ],  # others scored at 4.
>   ));

Hello,

Would it be possible to force scoring to 0.0 to effectively disable a 
set of rules, like:

@virus_name_to_spam_score_maps =
(new_RE(
[ qr'^ScamNailer\.' => 0.0 ]
));

...??

Also, are there any suggestions based on experience for such 
sanesecurity score maps, aiming at eliminating (or reducing to a very 
very low rate) false positives? We can stand some false negatives, but 
it is very important to avoid false positives.

Any advice or reference would be appreciated.

Best regards,
Nick