[sniffer] Re: Bad Rule: 1604021
Thanks for reporting this, Pete! My numbers were more extreme than Pi-Web's. That bad rule triggered on 18,023 messages yesterday. Due to the rest of my spam software, two-thirds were either passed (as presumed ham) or deleted (as very spammy). So the one-third that was held, I re-scanned today. MessageSniffer today would catch 6,419, and ignore 218. Of the 218 that MessageSniffer would ignore today, 17 are spam and the rest really are ham. Andrew. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, October 15, 2007 1:00 PM To: Message Sniffer Community Subject: [sniffer] Bad Rule: 1604021 Hello Sniffer Folks, This is an alert about a potentially bad rule 1604021. The rule was an abstract pattern for some of today's image spam. Indications are that the final coding was too broad. The rule was in place for approximately 5 hours ending about 30 minutes ago. Some differences in timing are inevitable since all rulebases are compiled individually. If you have the ability to release and rescan from quarantine based on SNF rule IDs then we recommend executing that process against this rule id: 1604021. Hope this helps, Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Bad Rule: 1604021
Hi Pete, We have fileret out 169 mails based on this rule. Most are spam. I have just collected the latest rulebase - it is from 20.00, The false positive are still taken as spam. If you want the 169 please let me know. --22:37:49-- http://www.sortmonster.net/Sniffer/Updates/xx.snf = `xx.new.gz' Resolving www.sortmonster.net... done. Connecting to www.sortmonster.net[207.97.242.65]:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/x-sortmonster] Server file no newer than local file `xxx.snf' -- not retrieving. Hello Sniffer Folks, This is an alert about a potentially bad rule 1604021. The rule was an abstract pattern for some of today's image spam. Indications are that the final coding was too broad. The rule was in place for approximately 5 hours ending about 30 minutes ago. Some differences in timing are inevitable since all rulebases are compiled individually. If you have the ability to release and rescan from quarantine based on SNF rule IDs then we recommend executing that process against this rule id: 1604021. Hope this helps, Thanks, _M -- Mvh. Frank Jensen [EMAIL PROTECTED] www.pi.dk Imponerende, fascinerende og kæmpe Plakater f.eks. 149 x 149 = 629 kr Vi kan også lave plakat fra dit digitale foto www.plakatkunst.dk # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Bad Rule: 1604021
Hi Pete, Checked all manuelly, 7 of 155 was good. The new rule database don't match on any of the 7. All 155 is matched as spam. Monday, October 15, 2007, 4:43:03 PM, you wrote: Hi Pete, We have fileret out 169 mails based on this rule. Most are spam. That's good to hear. Thanks! _M -- Mvh. Frank Jensen [EMAIL PROTECTED] www.pi.dk Imponerende, fascinerende og kæmpe Plakater f.eks. 149 x 149 = 629 kr Vi kan også lave plakat fra dit digitale foto www.plakatkunst.dk # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
