Hi there,

 

I'm wondering what's the best way to troubleshoot a Bayes mistake. We get
tonnes of fake bank security alert emails and nearly all of them got
blocked.

 

Imagine my surprise to see one in my own inbox this morning from
barcl...@email.barclays.co.uk

 

So I checked the logs. What I found was more surprising. The exact same
message with the exact same content (I compared the .eml files and only the
headers were different) hit my server later on and was blocked by Bayes. I
hadn't reported the previous one as a false negative yet.

 

Is there any way to figure out why Bayes made a boob on the first one?

 

Cheers,

Colin.

 

2014-01-30 09:41:52 m1-74904-00342 [Worker_4] [TLS-in] [TLS-out] 212.227.137.50 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld HMM Check [scoring] - Prob: 1.00000 => spam

2014-01-30 09:41:52 m1-74904-00342 [Worker_4] [TLS-in] [TLS-out] 212.227.137.50 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld Message-Score: added 20 for HMM Probability: 1.0000, total score for this message is now 35

2014-01-30 09:41:53 m1-74904-00342 [Worker_4] [TLS-in] [TLS-out] 212.227.137.50 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld Bayesian Check [scoring] - Prob: 0.10750 => ham


2014-01-30 12:40:56 m1-85654-02281 [Worker_7] [TLS-out] 85.94.77.22 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld HMM Check [scoring] - Prob: 1.00000 => spam

2014-01-30 12:40:56 m1-85654-02281 [Worker_7] [TLS-out] 85.94.77.22 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld Message-Score: added 20 for HMM Probability: 1.0000, total score for this message is now 40

2014-01-30 12:40:56 m1-85654-02281 [Worker_7] [TLS-out] 85.94.77.22 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld Bayesian Check [scoring] - Prob: 0.99597 => spam

2014-01-30 12:40:56 m1-85654-02281 [Worker_7] [TLS-out] 85.94.77.22 <barcl...@email.barclays.co.uk> to: m...@mydomain.tld Message-Score: added 30 for Bayesian Probability: 0.99597, total score for this message is now 70

 

 

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
