daniel74 1 Posted August 12, 2014 Share Posted August 12, 2014 I've received a couple of mails from the Apple iTunes store (app purchases) and all of these mails are classified as spam. Header: X-Eset-Antispam: SPAM;98;calc;2014-08-12 04:53:32;1408120453320003;F6C9 Debug log: Sun Aug 10 02:00:05 2014 0xf04fdb40 Reliability : Inside SCMessage::getExtraInfo custom_rules Sun Aug 10 02:00:05 2014 0xf04fdb40 SUMMARY,98,0,0,33a0777c6cb05a1e,d41d8cd98f00 b204,do_not_reply@itunes.com,email_replaced,RULES_HIT:10849,0,RBL:none,CacheIP: none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:, DNSBL:none,Custom_rules:0:0:0 All of these Apple mails gets a score of 98 but I can't see why. Emails are signed with DKIM, not on any blacklist... But some spam mails gets a really low score of 10. So, where to report such emails? Thanks. -- Daniel Link to comment Share on other sites More sharing options...
ESET Moderators Solution Aryeh Goretsky 378 Posted August 13, 2014 ESET Moderators Solution Share Posted August 13, 2014 Hello, Please save off a few of the emails with complete header information, compress them in a password-protected archive and submit them to ESET's threat research lab per ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?." Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
daniel74 1 Posted August 13, 2014 Author Share Posted August 13, 2014 (edited) Hi, thank you for your answer. I’ve reported a couple of mails (false postives/negatives) to samples@eset.com and got one reply, that I should open a support ticket to get the problem solved with the misclassified email from the Apple App Store. OK, I don’t know exactly why but I have opened a ticket. A score of 98 (running mail security with default settings) for Apple mails should not happen. I'm sure, Mailshell scans thousands of such mails every day. I’ve reported a couple of other mails today (false negatives) and will wait if reporting of such mails is worth the time. At the moment, it’s really annoying; I have expected much more - a more precise classification of spam and working configurations (yes, there’s another support call open because some configuration options are not working…). -- Daniel Edited August 13, 2014 by daniel74 Link to comment Share on other sites More sharing options...
RvW 6 Posted April 11, 2016 Share Posted April 11, 2016 Whenever you submit samples it is important to include as much information as possible. Just sending a sample won't do. Please also include: 1. Your username (e.g. EAV-123456789) or public ID 2. A small description of your environment: - Where is ESET Mail Security for Windows installed? - Which operating system are you using? - Is your OS up-to-date? - How much RAM, what kind of disk capacity, which CPU? - Is the server multihomed? (i.e. are there multiple Ethernet interfaces)? 3. Which email client is installed on the workstations? Which operating system is installed on the workstations? Which antivirus software is installed on the workstations? 4. Which version of Exchange are you using? Following versions are supported: - Microsoft Exchange Server 2003 SP1, SP2 - Microsoft Exchange Server 2007 SP1, SP2, SP3 - Microsoft Exchange Server 2010 SP1, SP2, SP3 - Microsoft Exchange Server 2013 CU2, CU3, CU4 (SP1), CU5, CU6, CU7, CU8 - Microsoft Exchange Server 2016 5. What are the Microsoft Exchange Server role(s)? - Mailbox Server role - Client Access Server role - Hub Transport Server role - Edge Transport Server role - Unified Messaging Server role Please note antispam only works with Hub and Edge Transport Transport Server role. 6. Which version of ESET Mail Security for Exchange (EMSX) are you using? Open ESET Mail Security > Help and Support > About ESET Mail Security. 7. Which ESET Mail Security components are installed? Open ESET Mail Security > Help and Support > About ESET Mail Security > please click Copy and email that to ESET. 8. Please provide at least 10 samples of legitimate emails that were wrongly classified as spam (false positives) or spam that was wrongly classified as legitimate email (false negatives) in the EML format. 9. An ESET Log Collector report. How do I use ESET Log Collector? hxxp://support.eset.com/kb3466/ Please zip everything into one file and email it to ESET. Link to comment Share on other sites More sharing options...
Recommended Posts