ScamNailer False Positives
MailScanner at ecs.soton.ac.uk
Wed Sep 12 13:43:40 IST 2012
On 12/09/2012 11:19, M A Young wrote:
> On Tue, 11 Sep 2012, Dan H. Eicher wrote:
>> I'm in the process of transitioning from:
>> Solaris+amavisd+postfix+dovecot+procmail -to-
>> Redhat 6.3+MailScanner+postfix+dovecot+procmail
>> I thought I would try here, as sanesecurity points me to:
>> scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer.
>> Almost all the emails I get from UFL's helpdesk are marked as:
>> “ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL” and quarantined.
> You need to work out what ScamNailer is objecting to, also whether the
> scamnailer version and the data you are working from is up to date.
> If an address is listed incorrectly, I believe the scamnailer data
> originates from http://code.google.com/p/anti-phishing-email-reply/ so
> you could look there to get false positives and no-longer-positives
> removed (Help Desk addresses can be used in spam so it might have been
> listed legitimately).
Only a bit of the ScamNailer data comes from there. Most of it is
derived elsewhere entirely.
If you hit false positives, please report them to
scamnailer at ecs.soton.ac.uk.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
'All programs have a desire to be useful' - Tron, 1982
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner