Razor false positives

Posted: 29 Dec 2016 14:15
by robertboyl
Hi, everyone

Is anyone else getting several false positives due to Razor? It scores so much and ends up deciding wrongly.

Didn't find how to report false positives to them.

Does anyone know?

Thanks!

Re: Razor false positives

Posted: 02 Jan 2017 20:14
by ovizii
I just noticed my results look a bit weird too but it scores SPAM about 66% of the time.

RAZOR2_CF_RANGE_E8_51_100	Razor2 gives engine 8 confidence level above 50%	1.89	72	24	33.3	48	66.7
RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)	0.92	72	24	33.3	48	66.7
RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%	0.50	72	24	33.3	48	66.7

Re: Razor false positives

Posted: 09 Jan 2017 17:22
by robertboyl
Thank you, Ovizii. Were you able to check if it does more good than bad?

I saw it contribute quite a bit to causing false positives several times.

And what is really negative is that headers are still being added after the message has been analyzed by Razor, so when you run the checksum on the complete message, you won't get the same result as when Razor first analyzed it, and thus we tried to report FP with no success.

Thinking of putting score 0 for such a rule...

Thanks.

Re: Razor false positives

Posted: 10 Jan 2017 11:12
by ovizii
nope, sorry, I slipped, fell and smashed my macbook. offline until my new device arrives. feels horrible ;-)
what do your stats say about razor? go to EFA => Reports => SA Rule Hits