False Positives

Troubleshooting and help for FirstAlert spam database
User avatar
stan_qaz
Omniscient Kiwi
Location: Gilbert, Arizona
Posts: 8671
Joined: Fri Jul 25, 2008 5:13 am

False Positives

Tue Sep 16, 2008 3:42 pm

What address do we submit false positive messages to?

Might want to sticky and lock the answer.
User avatar
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: False Positives

Tue Sep 16, 2008 4:40 pm

Good idea, will see about adding that.
User avatar
MrBill
Prudent Pukeko
Contact:
Location: Santa Cruz, CA
Posts: 867
Joined: Sun Jul 27, 2008 4:19 am

Re: False Positives

Sun Oct 12, 2008 8:05 am

See my complaint in the beta forum. I think reporting false positives should be much easier than this.
User avatar
MrBill
Prudent Pukeko
Contact:
Location: Santa Cruz, CA
Posts: 867
Joined: Sun Jul 27, 2008 4:19 am

Re: False Positives

Thu Sep 24, 2009 3:31 pm

I reported a false positive the other day - a message that is sent from my ISP to me only, and never to anyone else([#FNX-924280]: iHwy Detected Potential Virus). Jeremy replied that it was in the database and he had removed it. What he didn't explain was how it could have gotten there. I'm mystified - but it doesn't seem like this is a case of unreliable end user reporting.
Bill Walton
User avatar
rusticdog
Firetrust Monkey
Posts: 15864
Joined: Mon Jun 13, 2005 6:27 pm

Re: False Positives

Thu Sep 24, 2009 3:37 pm

FirstAlert gets fed emails from MailWasher Enterprise Server, these emails don't have to be an exact match either to be caught. Your ISP would presumably send these emails to all customers when a virus was detected.
User avatar
MrBill
Prudent Pukeko
Contact:
Location: Santa Cruz, CA
Posts: 867
Joined: Sun Jul 27, 2008 4:19 am

Re: False Positives

Fri Sep 25, 2009 1:24 am

MailWasher Enterprise Server, these emails don't have to be an exact match
So it comes down to some sort of automatic criteria-based match, depending on how some end-user has their Mailwasher Enterprise Server set up, with no manual review to verify (or the user didn't properly verify). All the more reason to have a quick, one-button way within MailWasher to report false positives.

I was thinking it was unlikely that another customer of my tiny mountain-town ISP would be running MailWasher Enterprise Server, but I guess lots of ISPs contract with Postini for the pre-filter service and the message is pretty similar for all of them (customized to look like a service of the ISP, but that still makes them very similar).
Bill Walton

Return to “Troubleshooting and Help”