On 28 Aug 2019, at 16:48, John Hardin <jhar...@impsec.org> wrote: > > On Wed, 28 Aug 2019, Samy Ascha wrote: > >> Today, I encountered, for the first time, an issue with scanning an email >> that is composed in Spanish. >> >> It is hitting a fuzzy match somewhere in the DRUGS_ERECTILE and >> DRUGS_ERECTILE_OBFU rules matches. >> >> I'm generally looking for a way to manipulate these edge cases, where >> languages are likely to match rules assuming English for the body text. >> >> Is there any best-practice for this? I'm sure this happens in others' >> networks, but I'm totally unsure on how to best resolve this. >> >> Anything in the way of configuration to combat this, e.g. by combining >> language detection with other tags? >> >> Or, should I look into writing my own plugin to do something similar? > > Generally the approach is to add an exclusion for the specific valid > non-english word to the rule itself. > > Is it possible for the FP message to be provided for analysis? (Post to > pastebin or similar and post that URL here.) > > As this is a body rule, feel free to mangle the headers as needed for > privacy, apart possibly from the Subject... > > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > ----------------------------------------------------------------------- > There is no doubt in my mind that millions of lives could have been > saved if the people were not "brainwashed" about gun ownership and > had been well armed. ... Gun haters always want to forget the Warsaw > Ghetto uprising, which is a perfect example of how a ragtag, > half-starved group of Jews took 10 handguns and made asses out of > the Nazis. -- Theodore Haas, Dachau survivor > ----------------------------------------------------------------------- > Today: Exercise Your Rights day
Thank you. That is a good suggestion. The message body is available here: https://pastebin.com/S73gcDVj <https://pastebin.com/S73gcDVj> I realise this message hits a bunch of other rules, but the question remains the same ;) On a side note. I've not really been searching for it yet, but is there a preferred way to do a one-shot scan + analyse of a message with Spamassassin? Something any of you would use to analyse the message in this case, for example? Grtz, Samy
