I forgot to mention... We use the sigs via Amavis. These are the rules that were set long ago, and wonder if they should be changed... [ qr'^MBL_NA\.UNOFFICIAL' => 0.1 ], # false positives [ qr'^MBL_' => undef ], # keep as infected Are sigs that end in unofficial considered false positives in this case? Cause if thats the case, then I need to adjust this, right? Thanks! --- °(((=((===°°°(((================================================ On Aug 21, 2013, at 5:48 PM, Ricardo Stella <stella@xxxxxxxxx> wrote: > > I'm getting some false positives with this sig. What's the quickest way for > me to whitelist it without having to disable the whole db? > > Thanks in advance... > > --- > °(((=((===°°°(((================================================