You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Adam Lanier <ad...@krusty.madoff.com> on 2007/02/01 15:31:30 UTC
rule for new 'image' spam
This rule seems to be catching the newest crop of 'image' spams.
Curious how it fares in other people's corpus.
MSECS SPAM% HAM% S/O RANK SCORE NAME
0.273 1.1269 0.0000 1.000 0.71 3.200 MADF_GIF_SHORT_NAME
full MADF_GIF_SHORT_NAME /name=\"?\d{4}\.gif\"?/i
describe MADF_GIF_SHORT_NAME Contains small spam gifs
score MADF_GIF_SHORT_NAME 3.200 # [0.000..3.200]
Re: rule for new 'image' spam
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Feb 01, 2007 at 10:14:08AM -0500, Kevin A. McGrail wrote:
> This test (below) looks to me to be designed to catch all spam 0000.gif
> through 9999.gif? If so I would say the false positives are going to be
> pretty high even without running it through a corpus. Certainly it has a
> high enough potential for FPs that a score of 3.2 is not appropriate.
It's also a full rule which makes it horrible. Look at the mimeheader rules
which already look at graphic attachment filenames.
--
Randomly Selected Tagline:
"Unfortunately, the "Can't write utmp, wtmp" message, or any other
variation is a symptom with a myriad of possible causes. The causes
could range from a bad utmp or wtmp entry to the wind blowing slightly
to the north." - Paul Carver
Re: rule for new 'image' spam
Posted by "Kevin A. McGrail" <ke...@thoughtworthy.com>.
Adam:
This test (below) looks to me to be designed to catch all spam 0000.gif
through 9999.gif? If so I would say the false positives are going to be
pretty high even without running it through a corpus. Certainly it has a
high enough potential for FPs that a score of 3.2 is not appropriate.
Regards,
KAM
MSECS SPAM% HAM% S/O RANK SCORE NAME
0.273 1.1269 0.0000 1.000 0.71 3.200 MADF_GIF_SHORT_NAME
full MADF_GIF_SHORT_NAME /name=\"?\d{4}\.gif\"?/i
describe MADF_GIF_SHORT_NAME Contains small spam gifs
score MADF_GIF_SHORT_NAME 3.200 # [0.000..3.200]