On Thu, 23 Jun 2011, Adam Katz wrote:
On 06/22/2011 05:42 PM, Noel Butler wrote:
Resurrecting an old thread but....
Lately I see a lot of false hits on FSL_RU_URL
The only place in the email where .ru is, is in envelope-from , from,
and the received headers, this is supposed to be
from 72_active.cf:uri FSL_RU_URL /[^\/]+\.ru(?:$|\/|\?)/i
(those also on the c-nsp list may also be seeing the same?)
This only started recently.
Full rule, originating from rulesrc/sandbox/maddoc/99_fsl_testing.cf
uri FSL_RU_URL /[^\/]+\.ru(?:$|\/|\?)/i
tflags FSL_RU_URL nopublish
score FSL_RU_URL 0.01
Scoring a rule in a sandbox is good for documentation purposes
(especially if mirroring a third-party sa-update channel), but has no
bearing on the resulting score published through the GA.
Not so. Recent changes make scores set in the sandboxes the _maximum_
score that the GA will assign.
Anybody with a sandbox should review the scores set therein and see if
the values still make sense in that context.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Windows Vista: Windows ME for the XP generation.
-----------------------------------------------------------------------
11 days until the 235th anniversary of the Declaration of Independence