Hi List,
I'm getting some FP hits against the SUBJECT_FUZZY_TION rule in
25_replace.cf (SA 3.2.5, latest update):
header SUBJECT_FUZZY_TION Subject =~ /<post P3>(?!tion)<T><I><O><N>/i
describe SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject:
replace_rules SUBJECT_FUZZY_TION
is hitting on ham from a mailing list with the following subject line:
Subject: Re: [CentOS] mount UFS partition on CentOS 5.
My regex isn't good enough to understand exactly what this rule is
trying to achieve, but it looks to me like some kind of obfuscation of
"tion" within a word, but it appears to be hitting on "partition" in
this case to my untrained eye. A test email containing just the text
"partition" in the subject line also hits this rule so would appear to
confirm my assumptions.
Could anyone help me understand what this rule is designed to hit, and
why it's hitting in this case?
Thanks.
