You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by snowcrash+spamassassin <sc...@gmail.com> on 2006/12/12 20:10:53 UTC
some scores (fuzzyocr, spf, tvd_fw_graphic) missing in normal submission; OK in manual resubmit
i have SA 3.1.x branch head installed with FuzzyOCR 350rc1.
in --lint tests pass w/o error, and image-containing test messages
score as expected.
today, i received a spam msg with an attached gif.
it scored as spam, and was scored/delivered with report headers of,
X-Spam-Status: score=8.6/4.0 autolearn=no
X-Spam-Report:
* 0.5 RELAY_JP Relayed through Japan
* 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
* 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails
* 1.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
* [score: 0.2209]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.2 SARE_GIF_ATTACH FULL: Email has a inline gif
* 0.9 MY_CID_AND_CLOSING SARE cid and closing
* 0.7 MY_CID_AND_STYLE SARE cid and style
* 1.2 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing
* 1.1 MY_CID_ARIAL_STYLE SARE cid arial2 style
* 0.7 MY_CID_AND_ARIAL2 SARE CID and Arial2
note -- *NO* FuzzyOCR tests/score.
if i then submit this same suspect message w,
spamassassin -D -t -x < ./suspect_message
it returns,
Content analysis details: (34.1 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.5 RELAY_JP Relayed through Japan
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails
1.4 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
[SPF failed: Please see
http://www.openspf.org/why.html?sender=dvabzg%40hvdaawn.nl&ip=222.228.73.146&receiver=my.domcain.com]
1.8 TVD_FW_GRAPHIC_NAME_LONG BODY: TVD_FW_GRAPHIC_NAME_LONG
1.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.2209]
2.8 TVD_FW_GRAPHIC_ID1 BODY: TVD_FW_GRAPHIC_ID1
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 SARE_GIF_ATTACH FULL: Email has a inline gif
2.0 PART_CID_STOCK Has a spammy image attachment (by Content-ID)
2.0 PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID,
more specific)
0.9 MY_CID_AND_CLOSING SARE cid and closing
0.7 MY_CID_AND_STYLE SARE cid and style
1.2 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing
1.1 MY_CID_ARIAL_STYLE SARE cid arial2 style
0.7 MY_CID_AND_ARIAL2 SARE CID and Arial2
16 FUZZY_OCR_KNOWN_HASH BODY: Image with known hash
Words found:
"meridia" in 1 lines
"target" in 1 lines
"symbol" in 1 lines
"price" in 2 lines
"company" in 1 lines
"trade" in 2 lines
"recommendation" in 1 lines
(13.5 word occurrences found)
which now additionaly INCLUDES the Fuzzyocr tests/scores,
16 FUZZY_OCR_KNOWN_HASH BODY: Image with known hash
as well as,
1.4 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.8 TVD_FW_GRAPHIC_NAME_LONG BODY: TVD_FW_GRAPHIC_NAME_LONG
2.8 TVD_FW_GRAPHIC_ID1 BODY: TVD_FW_GRAPHIC_ID1
given that,
grep focr_autodisable_score FuzzyOcr.cf
focr_autodisable_score 20
why in only one case does FuzzyOcr -- and these other tests -- score?
i've missed something obvious in either my SA or FuzzyOcr config(s), i
presume ... but what might it be?
thanks.
Re: some scores (fuzzyocr, spf, tvd_fw_graphic) missing in normal submission; OK in manual resubmit
Posted by snowcrash+spamassassin <sc...@gmail.com>.
also, if i extract the .gif from the spam, attach to a new message and
mail that to myself, it scores/reports. correctly with all -- fuzzyocr
& others -- test.
hm ...
Re: some scores (fuzzyocr, spf, tvd_fw_graphic) missing in normal submission; OK in manual resubmit
Posted by snowcrash+spamassassin <sc...@gmail.com>.
> that is hard to tell, can you reproduce the error somehow? (i.e.
> reproduce the situation where FuzzyOcr did NOT score?).
well, there lies the challenge -- and the point, i guess -- *i* can't
reproduce the non-scoring. every test i run scores OK.
> If so, enable
> debugging to the logfile to see whats going on exactly :)
forgot abt the separate log :-/
i cranked logging verbosity from 1->3; and will keep an eye out for
next non-scoring message.
but, i *did* notice in me "level 1" log,
2006-12-12 11:42:01 [3314] gifsicle is already defined, skipping...
2006-12-12 11:42:01 [3314] giffix is already defined, skipping...
2006-12-12 11:42:01 [3314] giftext is already defined, skipping...
2006-12-12 11:42:02 [3314] gifinter is already defined, skipping...
2006-12-12 11:42:02 [3314] giftopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] jpegtopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] pngtopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] bmptopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] tifftopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] ppmhist is already defined, skipping...
2006-12-12 11:42:02 [3314] gocr is already defined, skipping...
2006-12-12 11:42:02 [3314] ocrad is already defined, skipping...
2006-12-12 11:42:02 [3314] pnmnorm is already defined, skipping...
2006-12-12 11:42:02 [3314] pnminvert is already defined, skipping...
2006-12-12 11:42:02 [3314] convert is already defined, skipping...
2006-12-12 11:42:02 [3314] pamthreshold is already defined, skipping...
2006-12-12 11:42:02 [3314] ppmtopgm is already defined, skipping...
2006-12-12 11:42:02 [3314] pamtopnm is already defined, skipping...
2006-12-12 11:42:02 [3314] Error, label already used earlier in line
170, aborting...
2006-12-12 11:42:02 [3314] Error parsing preprocessor file
"/etc/mail/spamassasson/FuzzyOcr.preps", aborting...
don't know if this is a problem yet ...
Re: some scores (fuzzyocr, spf, tvd_fw_graphic) missing in normal
submission; OK in manual resubmit
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
snowcrash+spamassassin wrote:
> i have SA 3.1.x branch head installed with FuzzyOCR 350rc1.
>
> in --lint tests pass w/o error, and image-containing test messages
> score as expected.
>
> today, i received a spam msg with an attached gif.
>
> it scored as spam, and was scored/delivered with report headers of,
>
>
> X-Spam-Status: score=8.6/4.0 autolearn=no X-Spam-Report: * 0.5
> RELAY_JP Relayed through Japan * 1.1 EXTRA_MPART_TYPE Header has
> extraneous Content-type:...type= entry * 0.0 DK_POLICY_SIGNSOME
> Domain Keys: policy says domain signs some mails * 1.2 BAYES_40
> BODY: Bayesian spam probability is 20 to 40% * [score: 0.2209]
> * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.2
> SARE_GIF_ATTACH FULL: Email has a inline gif * 0.9
> MY_CID_AND_CLOSING SARE cid and closing * 0.7 MY_CID_AND_STYLE
> SARE cid and style * 1.2 MY_CID_ARIAL2_CLOSING SARE cid arial2
> closing * 1.1 MY_CID_ARIAL_STYLE SARE cid arial2 style * 0.7
> MY_CID_AND_ARIAL2 SARE CID and Arial2
>
> note -- *NO* FuzzyOCR tests/score.
>
> if i then submit this same suspect message w,
>
> spamassassin -D -t -x < ./suspect_message
>
> it returns,
>
> Content analysis details: (34.1 points, 4.0 required)
>
> pts rule name description ---- ----------------------
> -------------------------------------------------- 0.5 RELAY_JP
> Relayed through Japan 1.1 EXTRA_MPART_TYPE Header has
> extraneous Content-type:...type= entry 0.0 DK_POLICY_SIGNSOME
> Domain Keys: policy says domain signs some mails 1.4 SPF_SOFTFAIL
> SPF: sender does not match SPF record (softfail) [SPF failed:
> Please see
> http://www.openspf.org/why.html?sender=dvabzg%40hvdaawn.nl&ip=222.228.73.146&receiver=my.domcain.com]
>
>
> 1.8 TVD_FW_GRAPHIC_NAME_LONG BODY: TVD_FW_GRAPHIC_NAME_LONG 1.2
> BAYES_40 BODY: Bayesian spam probability is 20 to 40%
> [score: 0.2209] 2.8 TVD_FW_GRAPHIC_ID1 BODY:
> TVD_FW_GRAPHIC_ID1 0.0 HTML_MESSAGE BODY: HTML included
> in message 1.2 SARE_GIF_ATTACH FULL: Email has a inline gif
> 2.0 PART_CID_STOCK Has a spammy image attachment (by
> Content-ID) 2.0 PART_CID_STOCK_LESS Has a spammy image
> attachment (by Content-ID, more specific) 0.9 MY_CID_AND_CLOSING
> SARE cid and closing 0.7 MY_CID_AND_STYLE SARE cid and style
> 1.2 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing 1.1
> MY_CID_ARIAL_STYLE SARE cid arial2 style 0.7 MY_CID_AND_ARIAL2
> SARE CID and Arial2 16 FUZZY_OCR_KNOWN_HASH BODY: Image with
> known hash Words found: "meridia" in 1 lines "target" in 1 lines
> "symbol" in 1 lines "price" in 2 lines "company" in 1 lines "trade"
> in 2 lines "recommendation" in 1 lines (13.5 word occurrences
> found)
>
>
> which now additionaly INCLUDES the Fuzzyocr tests/scores,
>
> 16 FUZZY_OCR_KNOWN_HASH BODY: Image with known hash
>
> as well as,
>
> 1.4 SPF_SOFTFAIL SPF: sender does not match SPF record
> (softfail) 1.8 TVD_FW_GRAPHIC_NAME_LONG BODY:
> TVD_FW_GRAPHIC_NAME_LONG 2.8 TVD_FW_GRAPHIC_ID1 BODY:
> TVD_FW_GRAPHIC_ID1
>
>
> given that,
>
> grep focr_autodisable_score FuzzyOcr.cf focr_autodisable_score 20
>
> why in only one case does FuzzyOcr -- and these other tests --
> score?
>
> i've missed something obvious in either my SA or FuzzyOcr
> config(s), i presume ... but what might it be?
Hi,
that is hard to tell, can you reproduce the error somehow? (i.e.
reproduce the situation where FuzzyOcr did NOT score?). If so, enable
debugging to the logfile to see whats going on exactly :)
Best regards,
Chris
>
> thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFfwdUJQIKXnJyDxURAvRCAJ9/cjePAsaqTwFFe6DvSWGCWvVF+QCgrEDY
5g9qT0ZksfeHkvNE0StSCWs=
=1ZL9
-----END PGP SIGNATURE-----