I concur Pete in that I have been thinking about upping the weight for the EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30 and delete at 35.
SNIFFER-TRAVEL 47 20 SNIFFER-INSURANCE 48 20 SNIFFER-AV-PUSH 49 20 SNIFFER-WAREZ 50 30 SNIFFER-SPAMWARE 51 40 SNIFFER-SNAKEOIL 52 40 SNIFFER-SCAMS 53 40 SNIFFER-PORN 54 40 SNIFFER-MALWARE 55 25 SNIFFER-INKPRINTING 56 20 SNIFFER-SCHEMES 57 30 SNIFFER-CREDIT 58 30 SNIFFER-GAMBLING 59 30 SNIFFER-GENERAL 60 25 SNIFFER-EXP-ABST 61 25 SNIFFER-OBFUSCATION 62 25 SNIFFER-EXP-IP 63 20 John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of > Pete McNeil > Sent: Monday, October 09, 2006 3:15 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Experimental Abstract > > Hello Alberto, > > In earlier times we had a philosophy that no single test should trap a > message. The idea was that my combining tests the accuracy of the > filter system would always (qualified) be improved. > > The blackhats have become extremely aggressive about burning IPs and > generating image spam and/or other abstracted, short lived, and > narrowly targeted campaigns. > > As a result of these changes, it is often the case that our abstract > rules are the only thing that will fire on a message. > > The bad news is that holding on any single test will probably lead to > more false positives. > > The good news is that SNF:Experimental/Abstract has a very low false > positive rate. > > It may be time to alter our philosophy w/ regard to the > experimental/abstract rules group and recommend that wherever > practical, messages should probably be held (not deleted) based on a > hit in this rule group. > > Hope this helps, > > _M > > Monday, October 9, 2006, 5:59:44 PM, you wrote: > > > Hello > > > I'm getting storms of spam and Sniffer sets them as (Experimental > > Abstract) > > Can someone explain how have I to treat them? > > > Many thanks in advance > > Alberto > > > > > > ##################################################### > ######## > > This message is sent to you because you are subscribed to > > the mailing list <sniffer@sortmonster.com>. > > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > > Send administrative queries to <[EMAIL PROTECTED]> > > > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > ##################################################### > ######## > This message is sent to you because you are subscribed to > the mailing list <sniffer@sortmonster.com>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
