Posted to users@spamassassin.apache.org by Munroe Sollog <so...@digiraticonsulting.com> on 2011/05/09 00:55:34 UTC
SaneSecurity custom rules
I am working on adding some rules to SA so that SA adds more points when
detecting a signature. Here is a pastebin of the headers and the rules:
http://pastebin.com/qnwbSq5d
It should be adding 4 points as per my rule, but as it is it is only
adding 0.1 points.
--
Munroe Sollog
Digirati Consulting
www.digiraticonsulting.com
610-332-7234 x805
Re: SaneSecurity custom rules
Posted by Mark Martinec <Ma...@ijs.si>.
> header L_AV_Unofficial X-Amavis-AV-Status =~ m{\bAV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL\b}
> Which seems to be scoring 4 just fine:
> X-Spam-Status: ... tests=[.. L_AV_Unofficial=4
Indeed.
> The weird part is this:
>
> X-Spam-Status: ...
> tests=[AV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL=0.1
>
> You seem to have a very strangely named test
> "AV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL" with a score of 0.1, which
> isn't defined anywhere in the example you gave.
The AV:Sanesecurity... hit is inserted directly by amavisd,
based on your @virus_name_to_spam_score_map setting.
It is common to have such amavisd rules to score low and then
have a SpamAssassin rule on the same or similar AV pattern for a
higher score, the way you have it. This way other SpamAssassin
mechanisms like Bayes, AWL, autolearning can take benefit of it.
Mark
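
Added example, not part of the original thread or of amavisd/SpamAssassin: a small Python script that splits the tests=[...] list of an X-Spam-Status header into the AV: hits amavisd inserts itself and the SpamAssassin rules that fired on the same signature, which shows where the 0.1 and the 4 each come from. The sample header is constructed (its score/required values and the BAYES_50 entry are invented), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the header fragments quoted in the thread.
# The score/required values and the BAYES_50 entry are invented.
SAMPLE_STATUS = (
    "X-Spam-Status: Yes, score=4.9 required=4.5 "
    "tests=[AV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL=0.1,\n"
    "\tBAYES_50=0.8, L_AV_Unofficial=4] autolearn=no"
)

# SpamAssassin rule name -> pattern, copied from the rule quoted in the thread.
SA_AV_RULES = {
    "L_AV_Unofficial": r"\bAV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL\b",
}

def parse_tests(header):
    """Return [(name, score), ...] from the tests=[...] list of the header."""
    m = re.search(r"tests=\[(.*?)\]", header, re.S)
    hits = []
    for item in (m.group(1).split(",") if m else []):
        name, sep, score = item.strip().rpartition("=")
        if sep:  # skip empty entries and placeholders without a score
            hits.append((name, float(score)))
    return hits

def explain_av_scores(header, sa_rules):
    """For each amavisd-inserted AV: hit, list the SA rules that also fired."""
    hits = dict(parse_tests(header))
    report = {}
    for name, score in hits.items():
        if not name.startswith("AV:"):
            continue  # ordinary SpamAssassin rule, looked up via sa_rules
        companions = {r: hits[r] for r, pat in sa_rules.items()
                      if r in hits and re.search(pat, name)}
        report[name] = {"amavisd": score, "spamassassin": companions,
                        "total": round(score + sum(companions.values()), 3)}
    return report

if __name__ == "__main__":
    for av, info in explain_av_scores(SAMPLE_STATUS, SA_AV_RULES).items():
        print(av, info)
```
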
Re: SaneSecurity custom rules
Posted by da...@chaosreigns.com.
On 05/08, Munroe Sollog wrote:
> I am working on adding some rules to SA so that SA adds more points when
> detecting a signature. Here is a pastebin of the headers and the rules:
>
> http://pastebin.com/qnwbSq5d
>
> It should be adding 4 points as per my rule, but as it is it is only
> adding 0.1 points.
It looks like you're talking about one specific rule, and then gave us an
example with a pile of custom rules without telling us which one you were
talking about. Which is annoying.
But I think it's this one:
header L_AV_Unofficial X-Amavis-AV-Status =~ m{\bAV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL\b}
Which seems to be scoring 4 just fine:
X-Spam-Status: ... tests=[.. L_AV_Unofficial=4
The weird part is this:
X-Spam-Status: ... tests=[AV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL=0.1
You seem to have a very strangely named test
"AV:Sanesecurity.TestSig_Type4_Hdr.2.UNOFFICIAL" with a score of 0.1, which
isn't defined anywhere in the example you gave.
--
"Forget not that the earth delights to feel your bare feet and the winds
long to play with your hair." - Kahlil Gibran
http://www.ChaosReigns.com