----- Original Message ----- From: "nick " <[EMAIL PROTECTED]>
> From: "Pete McNeil" <[EMAIL PROTECTED]> > >One thing you should definitely do with sniffer is to weight group 60 > >lower than the others. Group 60 is the gray hosting group which will > >cause many false positives if not countered with appropriate white > >rules. If you make this adjustment you should see very few false > >positives. Pete, correct me if I am wrong, but I thought that with the free version you could only track two response codes, 55 (malware) & 63 (general)? > I would if I knew how..; actually I do not know what "Group 60 " is or better said how I could score differently. Is it because I am only uing the demo setup? > Note: - I am *very* happy with Sniffer. Especially since I am only using the demo. Thanks for making it available! Nick, here is how you can define unique scores for each Sniffer response code (at least this is how I do it): SNIFFER-TRAVEL external 047 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 05 0 SNIFFER-INSURANCE external 048 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-AV-PUSH external 049 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-WAREZ external 050 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-SPAMWARE external 051 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-SNAKEOIL external 052 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-SCAMS external 053 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-PORN external 054 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 10 0 SNIFFER-MALWARE external 055 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 10 0 SNIFFER-ADVERTISING external 056 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-SCHEMES external 057 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-CREDIT external 058 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-GAMBLING external 059 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-GREYMAIL external 060 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 05 0 SNIFFER-OBFUSCATION external 061 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 10 0 SNIFFER-SPAM external 062 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 07 0 SNIFFER-GENERAL external 063 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe AuthenticationCode" 10 0 Of course, you will have to use your own License ID and Authentication Code. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
