RE: [SAtalk] [RD] simple rule for consumption

I had several false positives today based on the BAD_X_HEADERS rule. I'm using the rules from Chris' site (Nov02). The legitimate emails had an X-URL header. All of the FPs where from a single mailing list. For what ever reason, they are providing a valid link to some content within this

RE: [SAtalk] [RD] simple rule for consumption

] Subject: RE: [SAtalk] [RD] simple rule for consumption Nope these are bogus. I have seperate rules for them in the last Rule Emporeum update. I used seperate, as they often are seen in pairs. Although I didn't tag X-Email, because I'm not sure about that one. X-Email: is pretty spammy for me

RE: [SAtalk] [RD] simple rule for consumption

-Original Message- From: Regis Wilson [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 22, 2003 1:14 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [SAtalk] [RD] simple rule for consumption *snip* Writing rules is fun! Why do you think I run 2000

RE: [SAtalk] [RD] simple rule for consumption

Nope these are bogus. I have seperate rules for them in the last Rule Emporeum update. I used seperate, as they often are seen in pairs. Although I didn't tag X-Email, because I'm not sure about that one. X-Email: is pretty spammy for me, so it is in there. I grepped my corpus for X-headers and

RE: [SAtalk] [RD] simple rule for consumption

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Santerre Sent: Wednesday, October 22, 2003 8:21 AM To: 'Regis Wilson'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [RD] simple rule for consumption Nope these are bogus. I have seperate rules for them

RE: [SAtalk] [RD] simple rule for consumption

Nope these are bogus. I have seperate rules for them in the last Rule Emporeum update. I used seperate, as they often are seen in pairs. Although I didn't tag X-Email, because I'm not sure about that one. --Chris Santerre -Original Message- From: Regis Wilson [mailto:[EMAIL PROTECTED]