On Wed, 28 Aug 2019, Samy Ascha wrote:
Today, I encountered, for the first time, an issue with scanning an email that
is composed in Spanish.
It is hitting a fuzzy match somewhere in the DRUGS_ERECTILE and
DRUGS_ERECTILE_OBFU rules matches.
I'm generally looking for a way to manipulate these edge cases, where languages
are likely to match rules assuming English for the body text.
Is there any best-practice for this? I'm sure this happens in others' networks,
but I'm totally unsure on how to best resolve this.
Anything in the way of configuration to combat this, e.g. by combining language
detection with other tags?
Or, should I look into writing my own plugin to do something similar?
Generally the approach is to add an exclusion for the specific valid
non-english word to the rule itself.
Is it possible for the FP message to be provided for analysis? (Post to
pastebin or similar and post that URL here.)
As this is a body rule, feel free to mangle the headers as needed for
privacy, apart possibly from the Subject...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no doubt in my mind that millions of lives could have been
saved if the people were not "brainwashed" about gun ownership and
had been well armed. ... Gun haters always want to forget the Warsaw
Ghetto uprising, which is a perfect example of how a ragtag,
half-starved group of Jews took 10 handguns and made asses out of
the Nazis. -- Theodore Haas, Dachau survivor
-----------------------------------------------------------------------
Today: Exercise Your Rights day
