Noted. In fact, after looking through it, in the short term I personally have opted to just take the MAILSPLOIT rules section. Should be pretty static, I think.
On 13/12/2017 22:24, sha...@shanew.net wrote:
Note that after enabling KAM.cf, you'll want to watch more closely for false positives and possibly adjust scores as necessary. I think it's a great addition to the default rules, but it's primarily tuned to Kevin's environment (though he's open to improvements) and some of the rules/scores may not be appropriate for your environment.