Re: Suggested botnet rule scores
Kai Schaetzl wrote:
> John Rudd wrote on Fri, 17 Aug 2007 09:01:27 -0700:
>> 3) you can eliminate the false positives entirely by setting the score
>> to 4.0, because all of the false positives we've come across were in the
>> range 5.0 <= score < 6 (actually, smaller than 6, but definitely 6 works
> That sounds good. Will try after I have some results on the 2.0 score.
> "Unfortunately" I'm not getting much spam on my test machine that could get
> hit by Botnet. Ahm, do you use any of the other "minor" rules with small
> scores or do you keep them all at 0 as in the provided BotNet.cf?
I keep them at 0, just like in the default cf file.