False Positive

So what exactly happens when you use the "Release and report false positive" option in Mail Manager?


  • I think this is a different question, Doug.  This has to do with anti-spam, in particular with ctasd (the CommTouch anti-spam daemon).  For every incoming email, ctasd calculates a RefID like:

    RefID:str=0001.0A02020E.5CCF3583.000E,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0

    This is sent to a cloud server at CYREN (formerly CommTouch) that then compares the RefID to its database of RefIDs of known spams and responds with 'Confirmed' (an almost-perfect match with one), 'Bulk' (a close match), 'Suspect' or 'Unknown'.  Bulk is qualified as Spam.  Unknown and Suspect are delivered.

    When one reports it as a false positive, this is relayed to CYREN.  I don't know the details of how they use that to automatically update their database.

    Cheers - Bob

  • Thank you for elaborating on this Bob.