On Wed, 28 Aug 2019, Samy Ascha wrote:
Today, I encountered, for the first time, an issue with scanning an email that
is composed in Spanish.
It is hitting a fuzzy match somewhere in the DRUGS_ERECTILE and
DRUGS_ERECTILE_OBFU rules matches.
I'm generally looking for a way to manipulate these edge cases, where languages
are likely to match rules assuming English for the body text.
Is there any best-practice for this? I'm sure this happens in others' networks,
but I'm totally unsure on how to best resolve this.
Anything in the way of configuration to combat this, e.g. by combining language
detection with other tags?
Or, should I look into writing my own plugin to do something similar?
On 28.08.19 07:48, John Hardin wrote:
Generally the approach is to add an exclusion for the specific valid
non-english word to the rule itself.
imho the best approach would be excluding hitting exact word for valid
language, e.g. FUZZY_CREDIT shouldn't hit work "kredit" for languages where
it's written this way
but that needs deeper logic...
Is it possible for the FP message to be provided for analysis? (Post
to pastebin or similar and post that URL here.)
As this is a body rule, feel free to mangle the headers as needed for
privacy, apart possibly from the Subject...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
