You can score the various result codes of sniffer differently.
SNIFFEREXP external 62 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 7 0
SNIFFEROBFUS external 61 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 10 0
SNIFFERGREY external 60 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 5 0
SNIFFERCASINO external 59 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERDEBT external 58 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERGETRICH external 57 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERINK external 56 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERMALWARE external 55 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 55 0
SNIFFERPORN external 54 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERSCAM external 53 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERPHARM external 52 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERSPAMWAR external 51 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERTHEFT external 50 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERAV external 49 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERINSURAN external 48 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFERTRAVEL external 47 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 15 0
SNIFFER external 63 "X:\Sniffer\<your sniffer.exe> xxxxxxxxxxxxxxxx" 10 0
See http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html
For the different result codes.
Darrell
nick writes:
Pete -
From: "Pete McNeil" <[EMAIL PROTECTED]>I would if I knew how..; actually I do not know what "Group 60 " is or better said how I could score differently. Is it because I am only uing the demo setup?One thing you should definitely do with sniffer is to weight group 60 lower than the others. Group 60 is the gray hosting group which will cause many false positives if not countered with appropriate white rules. If you make this adjustment you should see very few false positives.
Note: - I am *very* happy with Sniffer. Especially since I am only using the demo. Thanks for making it available!
-Nick Hayer
---
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
------------------------------------------------
Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
