Bug 5982 - False Positive on DRUGS_STOCK_MIMEOLE rule
Summary: False Positive on DRUGS_STOCK_MIMEOLE rule
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.2.3
Hardware: All All
: P3 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-20 23:59 UTC by Bob Proulx
Modified: 2019-06-19 15:54 UTC (History)
1 user (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Example false positive hit on rule DRUGS_STOCK_MIMEOLE text/plain None Bob Proulx [NoCLA]
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bob Proulx 2008-09-20 23:59:33 UTC 
Created attachment 4370 [details]
Example false positive hit on rule DRUGS_STOCK_MIMEOLE

I have what appears to me to be a completely legitimate mail message from a person who has the following in the mail header.

  X-Mailer: Microsoft Office Outlook, Build 11.0.5510
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

That is triggering both __MIMEOLE_1106 and __MAILER_OL_5510 which triggers DRUGS_STOCK_MIMEOLE for 3.5 points.  That seems to be an overly agressive combination.  Should the rule be double checked?  I raised this on spamassassin users mailing list and was asked to file this as a bug here.

I have carefully sanitized the names and email addresses of other people in this message so that this still is a good sample email for this problem but doesn't expose real names or email addresses.
Comment 1 Henrik Krohns 2019-06-19 15:54:32 UTC 
Removed the legacy DRUGS_STOCK_MIMEOLE rule anyway..

Sending        rulesrc/sandbox/jm/20_basic.cf
Transmitting file data .done
Committing transaction...
Committed revision 1861635.