ScamNailer False Positives
Jules Field
MailScanner at ecs.soton.ac.uk
Wed Sep 12 13:43:40 IST 2012
On 12/09/2012 11:19, M A Young wrote:
> On Tue, 11 Sep 2012, Dan H. Eicher wrote:
>
>> I'm in the process of transitioning from:
>> Solaris+amavisd+postfix+dovecot+procmail -to-
>> Redhat 6.3+MailScanner+postfix+dovecot+procmail
>>
>> I thought I would try here, as sanesecurity points me to:
>> scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer.
>>
>> Almost all the emails I get from UFL's helpdesk are marked as:
>> “ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL” and quarantined.
>
> You need to work out what ScamNailer is objecting to, also whether the
> scamnailer version and the data you are working from is up to date.
>
> If an address is listed incorrectly, I believe the scamnailer data
> originates from http://code.google.com/p/anti-phishing-email-reply/ so
> you could look there to get false positives and no-longer-positives
> removed (Help Desk addresses can be used in spam so it might have been
> listed legitimately).
Only a bit of the ScamNailer data comes from there. Most of it is
derived elsewhere entirely.
If you hit false positives, please report them to
scamnailer at ecs.soton.ac.uk.
Thanks!
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
'All programs have a desire to be useful' - Tron, 1982
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list