You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Shawn R. Beairsto" <sb...@dkl.com> on 2004/12/17 16:18:06 UTC
F.P. with SARE rule
Good morning everyone,
I just got a F.P. using one of the SARE rulesets, looks like the
SARE_SUB_PENIS_OB rule might need some tweaking. Seems like it fired
from the word pennies:
Content preview: Pennies From Heaven The Daily Reckoning [...]
Content analysis details: (7.9 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
3.3 SARE_SUB_PENIS_OB subject has obfuscated spammer topic
1.9 LOW_INTEREST BODY: Lower Interest Rates
1.5 MORTGAGE_BEST BODY: Information on mortgages
1.2 BANG_MORE BODY: Talks about more with an exclamation!
0.0 HTML_MESSAGE BODY: HTML included in message
--
Shawn Beairsto
Network Administrator
Data Kinetics Ltd.
http://www.dkl.com
Re: F.P. with SARE rule
Posted by Matt Kettler <mk...@comcast.net>.
At 10:18 AM 12/17/2004 -0500, Shawn R. Beairsto wrote:
>I just got a F.P. using one of the SARE rulesets, looks like the
>SARE_SUB_PENIS_OB rule might need some tweaking. Seems like it fired from
>the word pennies:
Yep.. it's crap like that that makes me staunchly refuse to use .? as a
gapping character..
It's really odd that this rule has an antidrug obfu style section AND a .?
section.. I'd suggest splitting them up. This way the exemption words like
pennies pencils, etc can all be handled only for the .? based rule.. the
antidrug style obfu rule uses [\W_]? as a gap, and won't suffer from FPs on
words like that, but it also won't catch anything obfuscated with
extra-letter stuffing..