Yes, I hate those silly knock-off spams.
But this rule seems to be way too aggressive.
50_scores.cf:score FS_REPLICA 1.630 3.599 2.028 3.599 # n=2
50_scores.cf:score FS_REPLICAWATCH 3.237 1.715 1.733 3.015 # n=2
72_active.cf:##{ FS_REPLICA
72_active.cf:header FS_REPLICA Subject =~ /replica/i
72_active.cf:describe FS_REPLICA Subject says "replica"
72_active.cf:##} FS_REPLICA
72_active.cf:##{ FS_REPLICAWATCH
72_active.cf:header FS_REPLICAWATCH Subject =~ /replica watch/i
72_active.cf:describe FS_REPLICAWATCH Subject says Replica watch
72_active.cf:##} FS_REPLICAWATCH
You need ONE or the other, maybe. If a subject line says 'replica
watch', both rules hit, and you have a 6.6 point score.
If one hits (replication, as in database replication, disaster recovery
replication, civil war replica, ANYTHING), you have a 3.6 point score.
Anyone else think that ANY rule that scores above a 3 is asking for trouble?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
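The overlap described in the message above, as an added example (not part of the original post and not SpamAssassin's own code): a Python sketch that reimplements only the Subject regex match for the two quoted rules and sums each of the four score columns from 50_scores.cf. The sample subjects are constructed, and the column labels assume SpamAssassin's usual score-set order.

```python
import re

# Rule and score lines copied from the grep output quoted in the message.
RULES_CF = """\
header FS_REPLICA Subject =~ /replica/i
header FS_REPLICAWATCH Subject =~ /replica watch/i
"""
SCORES_CF = """\
score FS_REPLICA 1.630 3.599 2.028 3.599
score FS_REPLICAWATCH 3.237 1.715 1.733 3.015
"""
# Assumed column order: the four SpamAssassin score sets.
SCORE_SETS = ("no-bayes/no-net", "no-bayes/net", "bayes/no-net", "bayes/net")

def load_rules(text):
    """Parse 'header NAME Subject =~ /re/i' lines into compiled patterns."""
    pat = r"^header\s+(\S+)\s+Subject\s+=~\s+/(.*)/(i?)\s*$"
    return {name: re.compile(body, re.I if flag else 0)
            for name, body, flag in re.findall(pat, text, re.M)}

def load_scores(text):
    """Parse 'score NAME s0 s1 s2 s3' lines into {NAME: [s0, s1, s2, s3]}."""
    scores = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[0] == "score":
            scores[parts[1]] = [float(p) for p in parts[2:]]
    return scores

def evaluate(subject, rules, scores):
    """Return (rules that hit, summed score per score set) for one subject."""
    hits = sorted(n for n, rx in rules.items() if rx.search(subject))
    totals = [round(sum(scores[n][i] for n in hits), 3) for i in range(4)]
    return hits, totals

if __name__ == "__main__":
    rules, scores = load_rules(RULES_CF), load_scores(SCORES_CF)
    # Constructed sample subjects: one spam-like, two legitimate, one clean.
    for subject in ("Replica watch sale",
                    "Database replication lag on db2",
                    "Civil War replica rifle exhibit",
                    "Quarterly report"):
        hits, totals = evaluate(subject, rules, scores)
        print(f"{subject!r}: hits={hits}")
        for label, total in zip(SCORE_SETS, totals):
            print(f"    {label:<16} {total:.3f}")
```

The 6.6 and 3.6 figures in the message correspond to the last column; the other score sets give lower totals for the same hits.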