Hello,
I'm busy configuring the user.conf / master.conf.
Sorry if this was explained / discussed somewhere already,
but i couldn't find it.
The dbs_rating settings explanation in master.conf throws me off a little.
To prevent false positives, i would expect that say a MEDIUM setting would
only use signatures from required until medium (from down to up).
But looking at the below rows taken from master.conf, if i would set LOW,
it would use low, medium and high rating signatures. This would make no sense
to me, as (logically, i think) one would want to choose for a maximum risk on
false
positives.
So how to set dbs_rating if one would want to go no higher than medium?
Thanks,
Tony
# Rating (False Positive Rating)
# valid ratings:
# REQUIRED : always used
# LOW : used when the rating is low, medium and high
# MEDIUM : used when the rating is medium and high
# HIGH : used when the rating is high
# LOWONLY : used only when the rating is low
# MEDIUMONLY : used only when the rating is medium
# LOWMEDIUMONLY : used only when the rating is medium or low
# DISABLED : never used, or you can also comment the line out if you want
#
# Old Format is still supported, requiring you to comment out files to disable
them
# old_example_dbs="
# file.name #LOW description
# "
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="LOW"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLED
#sanesecurity_dbs_rating=""
#securiteinfo_dbs_rating=""
#linuxmalwaredetect_dbs_rating=""
#yararulesproject_dbs_rating=""
