SA Bugzilla – Bug 5982
False Positive on DRUGS_STOCK_MIMEOLE rule
Last modified: 2019-06-19 15:54:32 UTC
Created attachment 4370 [details] Example false positive hit on rule DRUGS_STOCK_MIMEOLE I have what appears to me to be a completely legitimate mail message from a person who has the following in the mail header. X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 That is triggering both __MIMEOLE_1106 and __MAILER_OL_5510 which triggers DRUGS_STOCK_MIMEOLE for 3.5 points. That seems to be an overly agressive combination. Should the rule be double checked? I raised this on spamassassin users mailing list and was asked to file this as a bug here. I have carefully sanitized the names and email addresses of other people in this message so that this still is a good sample email for this problem but doesn't expose real names or email addresses.
Removed the legacy DRUGS_STOCK_MIMEOLE rule anyway.. Sending rulesrc/sandbox/jm/20_basic.cf Transmitting file data .done Committing transaction... Committed revision 1861635.