On 20/08/2010 17:12, Jan P. Kessler wrote:
  Hi,

we have used spamassassin with the sought ruleset for several years at our
company. After the upgrade from 3.2.5 to 3.3.1 we notice tons of
false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
Unfortunately I can not give examples as these messages contain
confidential customer data (assurance company). We had more than 100
false-positives with these rules in the last 2 days.

I have drastically lowered the score from 4.0 to 1.0 for both rules and
wanted to ask if anybody else noticed that?

Cheers, Jan


Below is an FP which is a "public" mail. I'm going to zero the corresponding rules (I prefer false negatives, which help improve local rules, over false positives, exceptionally when I "can't explain why").

============= FP sample
Return-Path: <websecurity-return-7218-mouss=ml.netoyen....@webappsec.org>
Delivered-To: mouss+s...@ml.netoyen.net
Received: from imlil.netoyen.net (localhost [127.0.0.1])
        by imlil.netoyen.net (Postfix) with ESMTP id A2E97E54898
        for <mouss+s...@ml.netoyen.net>; Mon,  8 Nov 2010 18:42:45 +0100 (CET)
X-Relay-Countries: US
X-Virus-Scanned: amavisd-new at netoyen.net
X-Spam-Flag: YES
X-Spam-Score: 5.284
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.284 required=5 tests=[COUNTRY_US=0.01,
        JM_SOUGHT_3=4, RDNS_NONE=1.274] autolearn=no
Received: from cgisecurity.net (unknown [199.125.85.46])
        by mx.netoyen.net (Postfix) with SMTP id A8EA4E54829
        for <mo...@ml.netoyen.net>; Mon,  8 Nov 2010 18:42:43 +0100 (CET)
Received: (qmail 18910 invoked by uid 1017); 8 Nov 2010 18:36:41 -0000
Mailing-List: contact websecurity-h...@webappsec.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:websecur...@webappsec.org>
List-Help: <mailto:websecurity-h...@webappsec.org>
List-Unsubscribe: <mailto:websecurity-unsubscr...@webappsec.org>
List-Subscribe: <mailto:websecurity-subscr...@webappsec.org>
Delivered-To: mailing list websecur...@webappsec.org
Delivered-To: moderator for websecur...@webappsec.org
Received: (qmail 37779 invoked from network); 7 Nov 2010 18:51:51 -0000
MIME-Version: 1.0
In-Reply-To: <005301cb7ad5$b2875f30$c103f...@ml>
References: <002301cb7944$a7619b80$c103f...@ml> <aanlktimabfxcsrqdul=qvawxoqursqnt7nzefj2p7...@mail.gmail.com>
 <005301cb7ad5$b2875f30$c103f...@ml>
From: YGN Ethical Hacker Group <li...@yehg.net>
Date: Mon, 8 Nov 2010 01:57:16 +0800
Message-ID: <aanlktimtbamufvwexpwqbcdl4bb55ai31hxwpcd6r...@mail.gmail.com>
To: MustLive <mustl...@websecurity.com.ua>
Cc: websecur...@webappsec.org
Content-Type: text/plain; charset=UTF-8
Subject: Re: [WEB SECURITY] [New Tool Announcement] inspath - Path Disclosure Finder

Hi MustLive

Thanks for your suggestion.

Searching for Google Cache might be a good feature to add in inpathx
but I'm afraid this realm should/can be done with other tools like
SiteDigger (http://www.foundstone.com/us/resources/proddesc/sitedigger.htm).



---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscr...@webappsec.org and reply to
the confirmation email

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

