[sanesecurity] Re: False positives with MBL_346112.UNOFFICIAL

  • From: Ricardo Stella <stella@xxxxxxxxx>
  • To: "sanesecurity@xxxxxxxxxxxxx" <sanesecurity@xxxxxxxxxxxxx>
  • Date: Wed, 21 Aug 2013 18:10:02 -0400 (EDT)

I forgot to mention... We use the sigs via Amavis. These are the rules that 
were set long ago, and I wonder if they should be changed...

    [ qr'^MBL_NA\.UNOFFICIAL'               => 0.1 ],    # false positives
    [ qr'^MBL_'                             => undef ],  # keep as infected

Are sigs that end in unofficial considered false positives in this case? 'Cause 
if that's the case, then I need to adjust this, right?

Thanks!

---
°(((=((===°°°(((================================================

On Aug 21, 2013, at 5:48 PM, Ricardo Stella <stella@xxxxxxxxx> wrote:

> 
> I'm getting some false positives with this sig.  What's the quickest way for 
> me to whitelist it without having to disable the whole db?
> 
> Thanks in advance...
> 
> ---
> °(((=((===°°°(((================================================
