On Fri, 2010-08-20 at 13:42 -0400, Rob McEwen wrote:
> I think the problem is the following rule in sought:
>
> body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
>
> which is currently hitting on many (or maybe even all ALL?) legitimate
> facebook notifications (along with the ones generated by spammers)
*sigh* Coincidentally, I spotted a SOUGHT hit on a FB invitation just
minutes after my posts to this thread. The message scored below zero,
not even close to reaching any spam threshold -- but still.
The bad seeks are 2TRLES, BFXSMX and PG0AHT, definitely matching legit
FB HTML notifications, maybe plain text, too. I've pushed a full sample
to the ham corpus already. These will be removed from the SOUGHT
rule-set by the next automated generation run. Probably within a couple
hours.
I'd be surprised to see these actually being Jan's problem, though.
Doesn't fit the description of "confidential customer data (assurance
company)" in my books. :)
If I get samples (on- or off-list), I'll take care about it.
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
