
Mail Security - Where To Report False Positives Or Negatives


Go to solution Solved by Aryeh Goretsky,


I've received a couple of mails from the Apple iTunes store (app purchases) and all of these mails are classified as spam.

 

Header:

X-Eset-Antispam: SPAM;98;calc;2014-08-12 04:53:32;1408120453320003;F6C9

Debug log:

Sun Aug 10 02:00:05 2014 0xf04fdb40 Reliability : Inside SCMessage::getExtraInfo custom_rules
Sun Aug 10 02:00:05 2014 0xf04fdb40 SUMMARY,98,0,0,33a0777c6cb05a1e,d41d8cd98f00b204,do_not_reply@itunes.com,email_replaced,RULES_HIT:10849,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:,DNSBL:none,Custom_rules:0:0:0

All of these Apple mails get a score of 98 but I can't see why. Emails are signed with DKIM, not on any blacklist...

 

But some spam mails get a really low score of 10.

 

So, where to report such emails?

 

Thanks.

 

--

Daniel


  • ESET Moderators
  • Solution

Hello,

Please save off a few of the emails with complete header information, compress them in a password-protected archive and submit them to ESET's threat research lab per ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?"

Regards,

Aryeh Goretsky


Hi,

 

thank you for your answer.

 

I’ve reported a couple of mails (false positives/negatives) to samples@eset.com and got one reply, that I should open a support ticket to get the problem solved with the misclassified email from the Apple App Store. OK, I don’t know exactly why but I have opened a ticket. A score of 98 (running mail security with default settings) for Apple mails should not happen. I'm sure Mailshell scans thousands of such mails every day.

 

I’ve reported a couple of other mails today (false negatives) and will wait if reporting of such mails is worth the time. At the moment, it’s really annoying; I have expected much more - a more precise classification of spam and working configurations (yes, there’s another support call open because some configuration options are not working…).

 

--

Daniel

Edited by daniel74

  • 1 year later...

Whenever you submit samples it is important to include as much information as possible. Just sending a sample won't do.

 

Please also include:
 
1. Your username (e.g. EAV-123456789) or public ID
 
2. A small description of your environment:
- Where is ESET Mail Security for Windows installed?
- Which operating system are you using?
- Is your OS up-to-date?
- How much RAM, what kind of disk capacity, which CPU?
- Is the server multihomed? (i.e. are there multiple Ethernet interfaces)?
 
3. Which email client is installed on the workstations? Which operating system is installed on the workstations? Which antivirus software is installed on the workstations?
 
4. Which version of Exchange are you using? The following versions are supported:
- Microsoft Exchange Server 2003 SP1, SP2
- Microsoft Exchange Server 2007 SP1, SP2, SP3
- Microsoft Exchange Server 2010 SP1, SP2, SP3
- Microsoft Exchange Server 2013 CU2, CU3, CU4 (SP1), CU5, CU6, CU7, CU8
- Microsoft Exchange Server 2016 
 
5. What are the Microsoft Exchange Server role(s)?
- Mailbox Server role
- Client Access Server role
- Hub Transport Server role
- Edge Transport Server role
- Unified Messaging Server role
 
Please note antispam only works with Hub and Edge Transport Server role.
 
6. Which version of ESET Mail Security for Exchange (EMSX) are you using? Open ESET Mail Security > Help and Support > About ESET Mail Security.
 
7. Which ESET Mail Security components are installed? Open ESET Mail Security > Help and Support > About ESET Mail Security > please click Copy and email that to ESET.
 
8. Please provide at least 10 samples of legitimate emails that were wrongly classified as spam (false positives) or spam that was wrongly classified as legitimate email (false negatives) in the EML format.
 
9. An ESET Log Collector report.
 
How do I use ESET Log Collector?
 
Please zip everything into one file and email it to ESET.