Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 2889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

False Positive

James Shakour
So what exactly happens when you use the "Release and report false positive" option in Mail Manager?


This thread was automatically locked due to age.
Parents
  • 0

    Has this ever been answered?

     

    I'm interested too, wondering if the UTM is learning or wheather it is only reported back to Sophos?

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on Februari 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Reply
  • 0

    Has this ever been answered?

     

    I'm interested too, wondering if the UTM is learning or wheather it is only reported back to Sophos?

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on Februari 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Children
  • +1 in reply to Peter-Paul Gras

    I think this is a different question, Doug.  This has to do with anti-spam, in particular with ctasd (the CommTouch anti spam daemon).  For every incoming email, ctasd calculates a RefID like:

    RefID:str=0001.0A02020E.5CCF3583.000E,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0

    This is sent to a cloud server at CYREN (formerly CommTouch) that then compares the RefID to its database of RefIDs of known spams and responds with 'Confirmed' (an almost-perfect match with one), 'Bulk' (a close match), 'Suspect' or 'Unknown'.  Bulk is qualified as Spam.  Unknown and Suspect are delivered.

    When one reports it as a false positive, this is relayed to CYREN.  I don't know the details of how they use that to automatically update their database.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thank you for elaborating on this Bob.

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on Februari 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Unfiltered HTML