On 11/9/2015 12:15 PM, Amir Caspi wrote:
On Nov 9, 2015, at 10:09 AM, John Hardin <jhar...@impsec.org> wrote:
score URI_MALWARE_CWALL 6.000
Is your threshold higher than 5? Otherwise this is a poison pill for a
"potential" hit.
--- Amir
thumbed via iPhone
There's a lot of things that can bring that down, like TxRep or white RBLs.
Definitely check the rule with a lower score first, but with the right
S/O I would consider scoring it that high. If your users don't have
backups, it might be worth some light FP potential to avoid giving the
"you have to pay $600 or lose everything" talk.
