rwmaillists at googlemail
Nov 3, 2011, 8:05 AM
Post #6 of 6
On Thu, 3 Nov 2011 05:25:30 -0700 (PDT)
> So, in some cases they are using Joomla hacked sites, in others
> somewhat randomly hacked crap. The subject ruleset is failsafe and I
> did not encounter one false positive as of yet. Mind you, the "^FW:
> "part at the beginning of the ruleset is rather specfic in
> combination with the rest of the subject.
I have a similar rule, but it doesn't require "^FW:" since I've found
that comes and goes.
Personally I wouldn't score a rule like this at anywhere near 18,
mine's still scored at 1.0. I find that with training they all hit
BAYES_99, so it doesn't take much to catch them.