MBF Knowledge Base

How to handle urgent Message Sniffer false-positives

URGENT False Postives

Do not use this procedure for ordinary false positive reports. Only use this procedure for critical & urgent false positive cases. These are extremely rare. There is a built-in solution within SNF so that you can get relief in these cases immediately and on your own.

If you have an urgent false positive issue, such as a pattern rule that is capturing a large portion of your legitimate mail, you can GAIN IMMEDIATE RELIEF by:

Identify the specific rule ID that is causing the problem. You should be able to find it in your SNF log file or in the X- headers of the FP messages depending upon how you have configured your system.

Create a rule-panic entry in your configuration file for the offending rule ID. This will render the rule inert immediately without disrupting other spam filtering.

Send a simple text email to support@aremresearch.com indicating that you have a critical false positive. DO NOT include an FP example. DO include the rule ID that is causing the problem.

VERY IMPORTANT: After you have taken the above steps, follow the false positive handling process to resolve the false positive case correctly and completely.