Hi James,
I'll take a look at the casino case you mentioned... in the mean time.. if
you look here you should see some example score mappings...
http://sanesecurity.com/support/problems/
Cheers,
Steve
Web: sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
On 30 May 2016 07:35:52 James Birkett <jm.birkett@xxxxxxxxx> wrote:
I'm looking into using the sanesecurity signatures with Spamassassin. In
particular, I would like to score the rules based on the false positive
rates listed at http://sanesecurity.com/usage/signatures/, and I would like
to block malware outright but only mark up spam (and filter it into a junk
folder).
Problem is, spamassassin gives me the signature name, but not the file it
was in, whereas that page lists false positive rates for each file. I can
use regular expressions to work out which signatures come from which files,
which appears to work correctly for the files that are listed with medium
or high false positive rates, but it's not working for distinguishing
between the other files. For example, there are 'Sanesecurity.Malware' and
'Sanesecurity.Casino' signatures in both scam.ndb and phish.ndb – is this
intended?
Thanks,
James
