[sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"

  • From: "MxUptime.com" <info@xxxxxxxxxxxx>
  • To: <sanesecurity@xxxxxxxxxxxxx>
  • Date: Tue, 14 Jul 2009 23:37:56 +0800

Just chiming in here a little. False positives are to be expected in any spam
filtering system. Even commercial systems which cost thousands of dollars
have false positives. The false positive rate produced here is actually
quite low and commendable. 

IMHO, one of the reasons the issue gets more attention is because there is a
lag time (due to sync and download from mirrors) from the time the false
positive is reported and when they are removed and rolled out on the next
update. Compared to your traditional DNS based SURBLs which have near
realtime updates. So while false positives do occur in SURBLs, etc., they have
an advantage of correcting the FP in realtime.

I feel that with time and usage and as the URL based signatures mature, the
false positive rate would drop. In the meantime perhaps we can look into a
more structured way of reporting FPs so that these could be looked into more
quickly. In addition, perhaps one way would be to include the
unconfirmed/probable false positives in a local.ign file which would be
downloaded together with the sigs.

Cheers


