Hello Message Sniffer folks,

This morning a dormant rule from 2009 was reactivated when new messages reached our spamtraps this morning matching the rule.


Unfortunately rule 2654821 causes a high rate of false positives in our current year that it apparently did not cause back in 2009.

Since the rule was not recently coded and had been in the system for so many years our monitoring systems did not immediately detect the rule as a false positive case.

However, the team did discover the problem after a few hours and removed the rule.

This is the only time an old, reactivated rule has caused significant false positive cases -- so it is an exceedingly rare event. None the less we are in the process of reviewing our tools and processes to improve our sensitivity should any similar event occur in the future.

Best,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to  <sniffer-requ...@sortmonster.com>

Reply via email to