Automatic Updates

[Charles Gregory <cg...@hwcn.org>]

On Mon, 9 Feb 2004, Matt Kettler wrote:
> ... because I've already got a tool that covers it, complete with 
> intelligent, cryptographically signed, automatic updates and everything.

Which reminds me. The above comment is about clamav, and I know that there
has been some effort to automate updates of 'bigevil' and custom rulesets,
but I was wondering if there are any plans to automate the upgrades to
spamassassin? 

More particularly, when I read the coments on 2.63 I go the impression
that they had updated code, along with adding rules, and so I faced the
potetential for the new code perhaps 'breaking' on my system/config.
Is there anyway to get updated rules *only*, without program updates?
I realize that some updates involve 'eval' rules and that does get into
program code, but still, I think it would be nice if there was some way to
have the spamassassin rules updates work a bit more like a virus scanner
update, with new rules properlyl 'reviewed' so that people like me without
a 'corpus' could trust a 'central repository' to have a good generic set
of rules, and have them updated often enough to catch the new spammer
'tricks' within a week or so?

Just a stray idea (and possibly too much wishful thinking). :-)

- Charles

Re: Automatic Updates

[Matt Kettler <mk...@comcast.net>]

At 11:30 PM 2/9/04 -0500, Charles Gregory wrote:
>A very good, compelling argument for the need to thoroughly
>research/balance scoring, etc. However, I would still like to advocate the
>idea of incremental rule 'adjustment'. Specifically, I think of the
>rapidly evolving obfuscation of everyone's favourite V drug. The spammers
>are adjusting their 'tricks' on an almost weekly basis, and it seems to me
>that in many instances, the obfuscation is only a variant not caught by
>spamassassin but does not represent a serious difference to the spam/ham
>ratio. If SA checks for 'abc_d' and the following week the spammers start
>using 'ab_cd', why should this take a month or so to update?


Agreed, and this is currently the role filled by the add-on rulesets 
written by many of the SA advocates and users (myself included).

Ideally, it would be very beneficial if the add-on rulesets became more 
organized and formalized via some kind of "micro GA" system with an 
organized release and scoring system.

However, for the general ruleset, there's by far too many ties to take 
things to the length of thinking that the "rules" are somehow not part of 
the "code" and can somehow be "updated" without it. Even without the 
extensive GA process, The HTML tokenizer, QP decoder, and other parts of 
the "code" have deep running implications on many of the rules. Not to 
mention rules that are actually implemented directly in the code itself 
(eval tests are actually IN the code itself, and called from a rule name).

See http://wiki.spamassassin.org/w/CustomRulesets for a decent listing of 
add-on rulesets that are being worked on.

Some of these will likely be folded back into the official SA sooner or 
later, some may always exist as add-ons.

Re: Automatic Updates

[Charles Gregory <cg...@hwcn.org>]

On Mon, 9 Feb 2004, Matt Kettler wrote:
> read the fine FAQ:
> http://wiki.spamassassin.org/w/VirusScannerTypeUpdates

A very good, compelling argument for the need to thoroughly
research/balance scoring, etc. However, I would still like to advocate the
idea of incremental rule 'adjustment'. Specifically, I think of the
rapidly evolving obfuscation of everyone's favourite V drug. The spammers
are adjusting their 'tricks' on an almost weekly basis, and it seems to me
that in many instances, the obfuscation is only a variant not caught by
spamassassin but does not represent a serious difference to the spam/ham
ratio. If SA checks for 'abc_d' and the following week the spammers start
using 'ab_cd', why should this take a month or so to update? The
functional nature of the rule remains the same, so the scoring remains the
same. 

Anyways, I don't wish to belabor a point, or open up useless arguments.
If someone sees merit in this idea, then I invite them to pursue it.
Otherwise, please accept my gratitude for such an excellent system that is
also highly customizable. Either way, thanks!

- Charles

Re: Automatic Updates

[Matt Kettler <mk...@evi-inc.com>]

At 06:46 PM 2/9/2004, Charles Gregory wrote:
>On Mon, 9 Feb 2004, Matt Kettler wrote:
> > ... because I've already got a tool that covers it, complete with
> > intelligent, cryptographically signed, automatic updates and everything.
>
>Which reminds me. The above comment is about clamav, and I know that there
>has been some effort to automate updates of 'bigevil' and custom rulesets,
>but I was wondering if there are any plans to automate the upgrades to
>spamassassin?

No, it's fundamentally not possible given what SA is, and how official 
rulesets are made...

read the fine FAQ:

http://wiki.spamassassin.org/w/VirusScannerTypeUpdates