You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2007/01/01 02:23:10 UTC
svn commit: r491519 - in /spamassassin:
rules/trunk/sandbox/felicity/70_other.cf
rules/trunk/sandbox/felicity/sandbox-felicity.pm
trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
Author: felicity
Date: Sun Dec 31 17:23:09 2006
New Revision: 491519
URL: http://svn.apache.org/viewvc?view=rev&rev=491519
Log:
promote BASE64_LENGTH_* rules which have good results from the nightly runs
Modified:
spamassassin/rules/trunk/sandbox/felicity/70_other.cf
spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Sun Dec 31 17:23:09 2006
@@ -229,22 +229,22 @@
header TVD_RATWARE_MSGID_02 Message-ID =~ /^[^<]*<[a-z]+\@/
########################################################################
-loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#endif
+########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
-ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
# It came up on the users@ list that some spammers generate base64 encoded
# parts with a single or a handful of long lines over the standard length,
# which hovers around 77 chars on average.
-# 1.632 1.9658 0.0000 1.000 0.90 0.01 T_BASE64_LENGTH_78
-# 1.628 1.9611 0.0000 1.000 0.90 0.01 T_BASE64_LENGTH_79
-# 1.627 1.9593 0.0000 1.000 0.90 0.01 T_BASE64_LENGTH_80
-# 1.100 1.3246 0.0000 1.000 0.87 0.01 T_BASE64_LENGTH_90
-
+# 0.798 0.9651 0.0000 1.000 0.86 0.00 BASE64_LENGTH_79_INF
+# 0.170 0.2047 0.0020 0.990 0.69 0.00 BASE64_LENGTH_78_79
body BASE64_LENGTH_78_79 eval:check_base64_length('78','79')
body BASE64_LENGTH_79_INF eval:check_base64_length('79')
endif
-########################################################################
# these don't have a large enough hitrate to be real rules, but it may be
# useful to track over time since they are 100% definite obfuscation
Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Sun Dec 31 17:23:09 2006
@@ -37,49 +37,9 @@
bless ($self, $class);
# the important bit!
- $self->register_eval_rule ("check_base64_length");
+ #$self->register_eval_rule ("check_base64_length");
return $self;
-}
-
-sub check_base64_length {
- my $self = shift;
- my $pms = shift;
- shift; # body array, unnecessary
- my $min = shift;
- my $max = shift;
-
- if (!defined $pms->{base64_length}) {
- $pms->{base64_length} = $self->_check_base64_length($pms->{msg});
- }
-
- return 0 if (defined $max && $pms->{base64_length} > $max);
- return $pms->{base64_length} >= $min;
-}
-
-sub _check_base64_length {
- my $self = shift;
- my $msg = shift;
-
- my $result = 0;
-
- foreach my $p ($msg->find_parts(qr@.@, 1)) {
- my $ctype=
- Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
-
- # FPs from Google Calendar invites, etc.
- # perhaps just limit to test, and image?
- next if ($ctype eq 'application/ics');
-
- my $cte = lc $p->get_header('content-transfer-encoding') || '';
- next if ($cte !~ /^base64$/);
- foreach my $l ( @{$p->raw()} ) {
- my $len = length $l;
- $result = $len if ($len > $result);
- }
- }
-
- return $result;
}
1;
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm Sun Dec 31 17:23:09 2006
@@ -46,6 +46,7 @@
$self->register_eval_rule("check_for_faraway_charset");
$self->register_eval_rule("check_for_uppercase");
$self->register_eval_rule("check_ma_non_text");
+ $self->register_eval_rule("check_base64_length");
return $self;
}
@@ -464,6 +465,46 @@
}
return 0;
+}
+
+sub check_base64_length {
+ my $self = shift;
+ my $pms = shift;
+ shift; # body array, unnecessary
+ my $min = shift;
+ my $max = shift;
+
+ if (!defined $pms->{base64_length}) {
+ $pms->{base64_length} = $self->_check_base64_length($pms->{msg});
+ }
+
+ return 0 if (defined $max && $pms->{base64_length} > $max);
+ return $pms->{base64_length} >= $min;
+}
+
+sub _check_base64_length {
+ my $self = shift;
+ my $msg = shift;
+
+ my $result = 0;
+
+ foreach my $p ($msg->find_parts(qr@.@, 1)) {
+ my $ctype=
+ Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
+
+ # FPs from Google Calendar invites, etc.
+ # perhaps just limit to test, and image?
+ next if ($ctype eq 'application/ics');
+
+ my $cte = lc $p->get_header('content-transfer-encoding') || '';
+ next if ($cte !~ /^base64$/);
+ foreach my $l ( @{$p->raw()} ) {
+ my $len = length $l;
+ $result = $len if ($len > $result);
+ }
+ }
+
+ return $result;
}
1;