Ham hitting too generic rule
We have a customer who is a legitimate non-spamming investment advisor. Their outbound disclaimer has the phrase investment advice which hits the rule INVESTMENT_ADVICE in 20_phrases.cf. We can certainly zero out the score in local.cf, but it seems to me this is a pretty generic phrase, and it has an awfully high score (2.199). I can well imagine people getting mail from their stock broker or the like with this phrase in it somewhere. Any chance the score can at least be reduced? -- Brian Bebeau Security Researcher - Spiderlabs Research Trustwave bbeb...@trustwave.com www.trustwave.com This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
Re: Ham hitting too generic rule
On Tue, 7 Feb 2012, Brian Bebeau wrote: We have a customer who is a legitimate non-spamming investment advisor. Their outbound disclaimer has the phrase investment advice which hits the rule INVESTMENT_ADVICE in 20_phrases.cf. We can certainly zero out the score in local.cf, but it seems to me this is a pretty generic phrase, and it has an awfully high score (2.199). I can well imagine people getting mail from their stock broker or the like with this phrase in it somewhere. Any chance the score can at least be reduced? Can you provide samples for the masscheck corpus? I'd be willing to include them in my corpora if he subscribes me, and I promise to not follow any of his advice... :) My corpora are semi-public, though (any SA dev can read them) so if the information is proprietary you might need to run local masschecks yourself, or make arrangements with someone who is doing local masschecks. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Users mistake widespread adoption of Microsoft Office for the development of a document format standard. --- 5 days until Abraham Lincoln's and Charles Darwin's 203rd Birthdays
