Hello,

I don't see a lot of action on this list, I hope someone will read me here.
Is Razor2 still being used, by the way?

I'm seeing a lot of false positives with Razor2 scans on my domain.
I did some research (adding some verbose printfs and running
razor-check -d < false_positive_email).

I noticed the following facts:
- because in Whiplash.pm, line 655, the line-wrap kill is commented out, a lot 
of URLs are not found (in a real-life e-mail only 3 URLs were found out of 14 
URLs present in the e-mail)
- due to my domain name bgs.org and the Whiplash.pm "canonify" function, all 
URLs on my domain are being canonified to "bgs.org". That wouldn't be bad if 
the hash for that domain weren't marked as being 100% SPAM (e=8 
sig=PhKPm4hzfMkA: Is spam: cf 100 >= min_cf 21).

Is this "Spam" an indicator for "bulk" or is it an indicator for "unsolicited 
e-mail"?
How can this situation be handled? (i.e. what are the rules for the bgs.org 
hash to be considered non-spam?).

Thank you for your help/comments/advice/...

--
Stef Simoens
BGS.org hostmaster


_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users
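
Added example (not part of the original post and not Razor2's code): a simplified Python model of the two effects the message describes, URLs missed when wrapped lines are not rejoined, and every host on one domain collapsing to a single key. Assumptions: the wrapping is quoted-printable soft line breaks, canonification keeps the last two host labels, and a truncated SHA-1 stands in for the real signature; the sample body and all function names are constructed for illustration.

```python
import hashlib
import quopri
import re

# Constructed sample body: quoted-printable text whose soft line breaks
# ("=" at end of line) split three of the four URLs.
SAMPLE_BODY = (
    "News: http://www.example.org/news/item-one.html\n"
    "Archive: http://lists.example.org/archive/2012/april/a-very-long-pa=\n"
    "th/index.html\n"
    "Unsubscribe: http://mail.exam=\n"
    "ple.org/unsubscribe?id=3D42\n"
    "Shop: ht=\n"
    "tp://shop.example.org/cart\n"
)

# A host only counts when it is followed by a URL delimiter, so a host cut
# in half by a soft line break is not reported as a (wrong) shorter host.
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(?=[/:?\s]|$)", re.I)

def extract_hosts(text):
    """Return the hostnames of all URLs found in text, in order."""
    return [h.lower().rstrip(".") for h in HOST_RE.findall(text)]

def unwrap(body):
    """Rejoin wrapped lines by decoding quoted-printable (assumed encoding)."""
    return quopri.decodestring(body.encode("ascii")).decode("ascii")

def canonify(host):
    """Naive canonification: keep the last two labels (no public suffix list)."""
    return ".".join(host.split(".")[-2:])

def signature_keys(hosts):
    """Map each canonical domain to a stand-in key (truncated SHA-1 hex)."""
    domains = {canonify(h) for h in hosts}
    return {d: hashlib.sha1(d.encode("ascii")).hexdigest()[:12] for d in domains}

def compare(body):
    """Hosts found without and with line unwrapping, plus the resulting keys."""
    raw = extract_hosts(body)
    joined = extract_hosts(unwrap(body))
    return raw, joined, signature_keys(joined)

if __name__ == "__main__":
    raw, joined, keys = compare(SAMPLE_BODY)
    print("hosts found without unwrapping:", raw)
    print("hosts found after unwrapping:  ", joined)
    print("keys a reputation lookup would see:", keys)
```

With one key per registered domain, a single bad verdict on that key applies to every message that links anywhere on the domain, which is why the listing status of the canonified domain matters more than any individual URL.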
