svn commit: r491519 - in /spamassassin: rules/trunk/sandbox/felicity/70_other.cf rules/trunk/sandbox/felicity/sandbox-felicity.pm trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm

[fe...@apache.org]

Author: felicity
Date: Sun Dec 31 17:23:09 2006
New Revision: 491519

URL: http://svn.apache.org/viewvc?view=rev&rev=491519
Log:
promote BASE64_LENGTH_* rules which have good results from the nightly runs

Modified:
    spamassassin/rules/trunk/sandbox/felicity/70_other.cf
    spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm

Modified: spamassassin/rules/trunk/sandbox/felicity/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_other.cf?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_other.cf Sun Dec 31 17:23:09 2006
@@ -229,22 +229,22 @@
 header TVD_RATWARE_MSGID_02	Message-ID =~ /^[^<]*<[a-z]+\@/
 
 ########################################################################
-loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#loadplugin Mail::SpamAssassin::Plugin::Sandbox::felicity sandbox-felicity.pm
+#ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
+#endif
+########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
 
-ifplugin Mail::SpamAssassin::Plugin::Sandbox::felicity
 # It came up on the users@ list that some spammers generate base64 encoded
 # parts with a single or a handful of long lines over the standard length,
 # which hovers around 77 chars on average.
-# 1.632   1.9658   0.0000    1.000   0.90    0.01  T_BASE64_LENGTH_78
-# 1.628   1.9611   0.0000    1.000   0.90    0.01  T_BASE64_LENGTH_79
-# 1.627   1.9593   0.0000    1.000   0.90    0.01  T_BASE64_LENGTH_80
-# 1.100   1.3246   0.0000    1.000   0.87    0.01  T_BASE64_LENGTH_90
-
+#  0.798   0.9651   0.0000    1.000   0.86    0.00  BASE64_LENGTH_79_INF
+#  0.170   0.2047   0.0020    0.990   0.69    0.00  BASE64_LENGTH_78_79
 body BASE64_LENGTH_78_79	eval:check_base64_length('78','79')
 body BASE64_LENGTH_79_INF	eval:check_base64_length('79')
 
 endif
-########################################################################
 
 # these don't have a large enough hitrate to be real rules, but it may be
 # useful to track over time since they are 100% definite obfuscation

Modified: spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm (original)
+++ spamassassin/rules/trunk/sandbox/felicity/sandbox-felicity.pm Sun Dec 31 17:23:09 2006
@@ -37,49 +37,9 @@
   bless ($self, $class);
 
   # the important bit!
-  $self->register_eval_rule ("check_base64_length");
+  #$self->register_eval_rule ("check_base64_length");
 
   return $self;
-}
-
-sub check_base64_length {
-  my $self = shift;
-  my $pms = shift;
-  shift; # body array, unnecessary
-  my $min = shift;
-  my $max = shift;
-
-  if (!defined $pms->{base64_length}) {
-    $pms->{base64_length} = $self->_check_base64_length($pms->{msg});
-  }
-
-  return 0 if (defined $max && $pms->{base64_length} > $max);
-  return $pms->{base64_length} >= $min;
-}
-
-sub _check_base64_length {
-  my $self = shift;
-  my $msg = shift;
-
-  my $result = 0;
-
-  foreach my $p ($msg->find_parts(qr@.@, 1)) {
-    my $ctype=
-      Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
-
-    # FPs from Google Calendar invites, etc.
-    # perhaps just limit to test, and image?
-    next if ($ctype eq 'application/ics');
-
-    my $cte = lc $p->get_header('content-transfer-encoding') || '';
-    next if ($cte !~ /^base64$/);
-    foreach my $l ( @{$p->raw()} ) {
-      my $len = length $l;
-      $result = $len if ($len > $result);
-    }
-  }
-  
-  return $result;
 }
 
 1;

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm?view=diff&rev=491519&r1=491518&r2=491519
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MIMEEval.pm Sun Dec 31 17:23:09 2006
@@ -46,6 +46,7 @@
   $self->register_eval_rule("check_for_faraway_charset");
   $self->register_eval_rule("check_for_uppercase");
   $self->register_eval_rule("check_ma_non_text");
+  $self->register_eval_rule("check_base64_length");
 
   return $self;
 }
@@ -464,6 +465,46 @@
   }
   
   return 0;
+}
+
+sub check_base64_length {
+  my $self = shift;
+  my $pms = shift;
+  shift; # body array, unnecessary
+  my $min = shift;
+  my $max = shift;
+
+  if (!defined $pms->{base64_length}) {
+    $pms->{base64_length} = $self->_check_base64_length($pms->{msg});
+  }
+
+  return 0 if (defined $max && $pms->{base64_length} > $max);
+  return $pms->{base64_length} >= $min;
+}
+
+sub _check_base64_length {
+  my $self = shift;
+  my $msg = shift;
+
+  my $result = 0;
+
+  foreach my $p ($msg->find_parts(qr@.@, 1)) {
+    my $ctype=
+      Mail::SpamAssassin::Util::parse_content_type($p->get_header('content-type'));
+
+    # FPs from Google Calendar invites, etc.
+    # perhaps just limit to test, and image?
+    next if ($ctype eq 'application/ics');
+
+    my $cte = lc $p->get_header('content-transfer-encoding') || '';
+    next if ($cte !~ /^base64$/);
+    foreach my $l ( @{$p->raw()} ) {
+      my $len = length $l;
+      $result = $len if ($len > $result);
+    }
+  }
+  
+  return $result;
 }
 
 1;