Default recommend configuration file /etc/modsecurity/modsecurity.conf to Malware.Expert rules.
modsecurity.conf
SecRuleEngine On SecRequestBodyAccess On SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 SecRequestBodyInMemoryLimit 131072 SecRequestBodyLimitAction ProcessPartial SecResponseBodyLimitAction ProcessPartial SecDefaultAction "phase:1,deny,log,status:406" SecDefaultAction "phase:2,deny,log,status:406" SecPcreMatchLimit 250000 SecPcreMatchLimitRecursion 250000 SecCollectionTimeout 600 SecTmpDir /tmp/ SecDataDir /tmp/ SecUploadDir /tmp/ SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJDEFHZ SecAuditLogType Serial SecAuditLog /var/log/apache2/modsec_audit.log SecArgumentSeparator & SecCookieFormat 0 SecUnicodeMapFile unicode.mapping 20127