Rejaine Monteiro wrote: > What, exactly , do the SARE rules "MY_CID...." ? > > We have too many false positives using this rules.. > > Content analysis details: (7.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 1.1 EXTRA_MPART_TYPE Header has extraneous > Content-type:...type= entry > 1.8 TVD_FW_GRAPHIC_NAME_LONG BODY: TVD_FW_GRAPHIC_NAME_LONG > 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close > tag > 2.1 TVD_FW_GRAPHIC_ID1 BODY: TVD_FW_GRAPHIC_ID1 > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > >>> 1.5 MY_CID_AND_STYLE SARE cid and style > >>> 1.6 MY_CID_ARIAL_STYLE SARE cid arial2 style > >>> 1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2 > > > This MY_CID.. rules are part of "70_sare_stocks_cf" > Had to these problems, I am considering to disactivate these ...CID.. > rules.
CID means that the email contains an inline image. STYLE indicates a pair of empty style tags ARIAL2 is a 2 point arial font tag So this means that your example contains an inline image and both a pair of empty style tags and a 2 point arial font tag. The test results look pretty good for these rules, but everyone's mail is different. If they are causing problems, remove them or lower the score. However, before you change things, you may want to search your logs and see how many actual spam are being caught by these rules. -- Bowie
