You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/12/09 07:06:12 UTC
promotable rules
According to the new script "build/listpromotable" -- should I just
go ahead and promote these?
## ----------------------------------------------------------------------
## Promotable rule: T_GEO_QUERY_STRING
## so=1.000 spc=2.433 hpc=0.000
## rulesrc/sandbox/dos/20_uri.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_GEO_QUERY_STRING&s_detail=1
uri T_GEO_QUERY_STRING /^http:\/\/(?:\w{2,4}\.)?geocities\.com(?::\d*)?\/.+?\/\?/i
## ----------------------------------------------------------------------
## Promotable rule: T_FORGED_IMS_TAGS
## so=1.000 spc=0.878 hpc=0.000
## rulesrc/sandbox/dos/70_bugs.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FORGED_IMS_TAGS&s_detail=1
meta T_FORGED_IMS_TAGS (!T__YAHOO_BULK && __ANY_IMS_MUA && __MIME_HTML && !(__TAG_EXISTS_HTML && __TAG_EXISTS_HEAD && __TAG_EXISTS_META && __TAG_EXISTS_BODY))
## ----------------------------------------------------------------------
## Promotable rule: T_FORGED_IMS_HTML
## so=1.000 spc=1.260 hpc=0.000
## rulesrc/sandbox/dos/70_bugs.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FORGED_IMS_HTML&s_detail=1
meta T_FORGED_IMS_HTML (!T__YAHOO_BULK && __IMS_MUA && MIME_HTML_ONLY && !(__IMS_HTML_BUILDS && __IMS_HTML_RCVD))
## ----------------------------------------------------------------------
## Promotable rule: T_FORGED_OUTLOOK_HTML
## so=0.999 spc=12.776 hpc=0.007
## rulesrc/sandbox/dos/70_bugs.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FORGED_OUTLOOK_HTML&s_detail=1
meta T_FORGED_OUTLOOK_HTML (!T__YAHOO_BULK && __ANY_OUTLOOK_MUA && MIME_HTML_ONLY)
## ----------------------------------------------------------------------
## Promotable rule: T_FORGED_OUTLOOK_TAGS
## so=0.999 spc=10.591 hpc=0.007
## rulesrc/sandbox/dos/70_bugs.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FORGED_OUTLOOK_TAGS&s_detail=1
meta T_FORGED_OUTLOOK_TAGS (!T__YAHOO_BULK && __ANY_OUTLOOK_MUA && __MIME_HTML && !(__TAG_EXISTS_HTML && __TAG_EXISTS_HEAD && __TAG_EXISTS_META && __TAG_EXISTS_BODY))
## ----------------------------------------------------------------------
## Promotable rule: T_VERTICAL_DRUGS_1
## so=1.000 spc=0.525 hpc=0.000
## rulesrc/sandbox/duncf/20_drugs.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_VERTICAL_DRUGS_1&s_detail=1
describe T_VERTICAL_DRUGS_1 Looks like drug names spelled vertically
## ----------------------------------------------------------------------
## Promotable rule: T_FUZZY_STOCK
## so=0.997 spc=3.600 hpc=0.010
## rulesrc/sandbox/duncf/25_replace.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FUZZY_STOCK&s_detail=1
body T_FUZZY_STOCK /(?!stock)<S><T><O><C><K>/i
describe T_FUZZY_STOCK Obfuscates the word "stock"
## ----------------------------------------------------------------------
## Promotable rule: T_FUZZY_SPRM
## so=0.997 spc=1.066 hpc=0.004
## rulesrc/sandbox/felicity/70_other.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_FUZZY_SPRM&s_detail=1
body T_FUZZY_SPRM /<inter W1><post P2><S><P><U><R><M>/i
## ----------------------------------------------------------------------
## Promotable rule: T_SUBJECT_NEEDS_ENCODING
## so=0.995 spc=21.473 hpc=0.109
## rulesrc/sandbox/felicity/70_other.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_SUBJECT_NEEDS_ENCODING&s_detail=1
meta T_SUBJECT_NEEDS_ENCODING (!__SUBJECT_ENCODED_B64 && !__SUBJECT_ENCODED_QP) && __SUBJECT_NEEDS_MIME
## ----------------------------------------------------------------------
## Promotable rule: T_SUBJ_RE_NUM
## so=0.976 spc=0.789 hpc=0.019
## rulesrc/sandbox/felicity/70_other.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_SUBJ_RE_NUM&s_detail=1
meta T_SUBJ_RE_NUM !__THEBAT_MUA && __SUBJ_RE_NUM
describe T_SUBJ_RE_NUM Subject is faking 'The Bat!' responses
## ----------------------------------------------------------------------
## Promotable rule: T_DRUGS_HDIA
## so=1.000 spc=0.463 hpc=0.000
## rulesrc/sandbox/felicity/70_other.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_DRUGS_HDIA&s_detail=1
# tvd
# 0.506 0.5714 0.0000 1.000 1.00 0.01 T_DRUGS_HDIA
header T_DRUGS_HDIA Subject =~ /\bhoodia\b/i
## ----------------------------------------------------------------------
## Promotable rule: T_URI_HTML_ONLY
## so=0.986 spc=21.650 hpc=0.306
## rulesrc/sandbox/felicity/70_other.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_URI_HTML_ONLY&s_detail=1
# From discussion on users@ list
body T_URI_HTML_ONLY eval:check_html_uri_only()
describe T_URI_HTML_ONLY URIs only found in HTML part of multipart/alternative message
## ----------------------------------------------------------------------
## Promotable rule: T_SUBJ_ACC_NUM
## so=1.000 spc=0.518 hpc=0.000
## rulesrc/sandbox/felicity/70_phishing.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_SUBJ_ACC_NUM&s_detail=1
# 1.575 1.8696 0.0000 1.000 1.00 0.01 T_SUBJ_ACC_NUM3
# 1.532 1.8192 0.0000 1.000 0.67 0.01 T_SUBJ_ACC_NUM
# 1.532 1.8192 0.0000 1.000 0.67 0.01 T_SUBJ_ACC_NUM2
header T_SUBJ_ACC_NUM Subject =~ /\b(?i:invoice|account).{1,4}\d+[A-Z]+/
describe T_SUBJ_ACC_NUM Subject has spammy looking monetary reference
## ----------------------------------------------------------------------
## Promotable rule: T_SUBJ_ACC_NUM2
## so=1.000 spc=0.494 hpc=0.000
## rulesrc/sandbox/felicity/70_phishing.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_SUBJ_ACC_NUM2&s_detail=1
header T_SUBJ_ACC_NUM2 Subject =~ /\b(?i:invoice|account).{1,4}\d+[A-Z]+\s*$/
describe T_SUBJ_ACC_NUM2 Subject has spammy looking monetary reference
## ----------------------------------------------------------------------
## Promotable rule: T_SUBJ_ACC_NUM3
## so=0.996 spc=0.598 hpc=0.002
## rulesrc/sandbox/felicity/70_phishing.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_SUBJ_ACC_NUM3&s_detail=1
header T_SUBJ_ACC_NUM3 Subject =~ /\b[a-zA-Z]+ \W{1,4}\d+[A-Z]+\s*$/
describe T_SUBJ_ACC_NUM3 Subject has spammy looking monetary reference
## ----------------------------------------------------------------------
## Promotable rule: T_PH_TVD_7
## so=0.952 spc=0.331 hpc=0.017
## rulesrc/sandbox/felicity/70_phishing.cf
## http://buildbot.spamassassin.org/ruleqa?daterev=20051208-r354929-n&rule=T_PH_TVD_7&s_detail=1
body T_PH_TVD_7 /\baccount .{0,20}suspen/i
Re: promotable rules
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 09/12/2005 1:06 AM, Justin Mason wrote:
> According to the new script "build/listpromotable" -- should I just
> go ahead and promote these?
Not trying to slow things down, but is there any advantage to promoting
them now? Except for the ones that correct FPs in existing rules (like
four of mine), they can't go into anything but trunk without scoring.
Daryl
Re: promotable rules
Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Dec 09, 2005 at 03:01:34PM -0800, Justin Mason wrote:
> well, to my mind, I'd prefer to have them sit somewhere that means "these
> are ready to go, but not yet in a release tarball". There are people
> running SVN trunk, for example, and they'd find it useful to get those
> rules without digging them out of sandboxes.
I'd suggest either promoting from sandbox to both core and the update
dir (that way we don't later have to figure out what to move to core),
or promote from sandbox to updates and then when we're ready to do
rc/score generation runs for the next major release we take a snapshot
of the rules from update and move to core.
> regarding scoring: I think we may have to hand-guess scores initially.
yeah, ditto.
> in other words, let's do this gradually, instead of blocking everything on
> sa-update and a rescoring system.
Yeah, they're separate issues anyway. I'd just love to get, say, monthly
rescoring runs going at some point, which we'd deliver via sa-update.
> Theo: copying to two places: I can go for that. I'd prefer just the one,
> though ;) Why not get sa-update to read from another dir in rulesrc,
> something like:
>
[...]
> Or -- better -- shouldn't sa-update be able to update with changes to the
> core ruleset anyway?
Hrm. What I expected was to just have a directory which we put the file in,
then tar up an svn export and that's the update. I guess it could easily
instead be a script that you run, ala mkrules, which generates a directory and
tarball, and then you can have the source files wherever appropriate.
I'm open to either way. I already made an update/3.1 directory structure
(at the .../spamassassin level), but could move it to the rulesrc area.
--
Randomly Generated Tagline:
!ereh fo tuo em teg ydobemoS .rotinom eht ni m'I !pleH
Re: promotable rules
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 09/12/2005 4:48 PM, Theo Van Dinter wrote:
> On Fri, Dec 09, 2005 at 01:40:03PM -0800, Justin Mason wrote:
>
>>I do think it's worth promoting them *somewhere*, btw, instead of leaving
>>them to moulder in the sandboxes.
>
>
> Sure. I think "promotion" would be to copy the rule into the appropriate two
> places (core and sa-update) and go from there. I just want to make sure we
> come up with a reasonable policy/procedure before we move forward.
That sounds like the way to go to me. The rules can sit, waiting for
sa-update to be ready, in the sandboxes just as well as they can
anywhere else in the tree.
I don't think anyone's going to nuke good rules in their sandboxes, so
that shouldn't be a problem.
Re: promotable rules
Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Dec 09, 2005 at 01:40:03PM -0800, Justin Mason wrote:
> Yep. so what does that mean? does "sa-update" work from the
> rulesrc/core/ tree, or somewhere else?
Well, that's the issue -- we haven't designed/implemented any of the back-end
of sa-update yet. I envisioned putting the new rules and such into a tree in
the repo, tarring it up as a tar.gz file (named based on the revision number),
signing it, putting it up on the website, then updating dns.
It's a pretty simple procedure, but we just haven't actually done anything
with it yet. To be honest, sa-update hasn't really been tested off of my
laptop really.
Beyond just the "how to make an update available", is what to put into the
update. I'd like to see us do periodic rescoring, do we just put the rule in
and hand-guess a score or automate some form of hit-frequencies->score system,
etc.
I'd like to get something in place during AC.
> I do think it's worth promoting them *somewhere*, btw, instead of leaving
> them to moulder in the sandboxes.
Sure. I think "promotion" would be to copy the rule into the appropriate two
places (core and sa-update) and go from there. I just want to make sure we
come up with a reasonable policy/procedure before we move forward.
--
Randomly Generated Tagline:
"All [replacing of fat] does is lead to dissatisfaction and I think that
dissatisfaction results in overeating."
- Alton Brown
http://interviews.slashdot.org/article.pl?sid=02/09/12/1241242
Re: promotable rules
Posted by Doc Schneider <ma...@maddoc.net>.
Theo Van Dinter wrote:
> On Thu, Dec 08, 2005 at 10:06:12PM -0800, Justin Mason wrote:
>
>>According to the new script "build/listpromotable" -- should I just
>>go ahead and promote these?
>
>
> Well, we come back to the original issue I had (which is why I haven't
> promoted anything yet): what does "promote" mean now? how do we do it?
>
> ie: the obvious is that we move the rules from sandbox to core, but what about
> sa-update? we want (I would think) to move promoted rules into sa-update so
> the current users get the benefit of new rules while we keep working on 3.2.0.
> I don't want to lose track of sandbox->core rules if we're not going to do
> sa-update stuff now.
>
I think it makes sense to move the updating of the sandbox rules into
the core using sa-update.
-Doc
Re: promotable rules
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Dec 08, 2005 at 10:06:12PM -0800, Justin Mason wrote:
> According to the new script "build/listpromotable" -- should I just
> go ahead and promote these?
Well, we come back to the original issue I had (which is why I haven't
promoted anything yet): what does "promote" mean now? how do we do it?
ie: the obvious is that we move the rules from sandbox to core, but what about
sa-update? we want (I would think) to move promoted rules into sa-update so
the current users get the benefit of new rules while we keep working on 3.2.0.
I don't want to lose track of sandbox->core rules if we're not going to do
sa-update stuff now.
--
Randomly Generated Tagline:
"Bah! Stop fiddling about with things you don't understand!"
- Q in the movie "License to Kill"