You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mat Harris <ma...@genestate.com> on 2004/02/16 11:11:45 UTC
running mass-checl
Hi,
Is there a special procedure for running mass-check with my custom
rules etc?
I have tried everything (different arguments, hacking source) but it still
seems to only use rules shipped with the tarball i got mass-check from.
I have cf's symlinked to /etc/mail/spamassassin and they score ok in test,
but they don't show up in freqs after running (nor do my backhair, bigevil
etc, which are in the smae dir).
thanks
--
Cats land on their feet.
Toast lands jellyside down.
A cat glued to some jelly toast will hover in quantum indecision
perl -e'$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: \
12m m::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
Yes, of course it's the right cabl [le0: NO CARRIER]
Re: running mass-check
Posted by Mat Harris <ma...@genestate.com>.
On Mon, Feb 16, 2004 at 09:35:14PM -0800, Robert Menschel wrote:
> Hello Mat,
>
> Monday, February 16, 2004, 2:11:45 AM, you wrote:
>
> MH> Hi,
> MH> Is there a special procedure for running mass-check with my custom
> MH> rules etc?
>
> My method is documented at http://www.exit0.us/index.php/BobCorpusTest
>
> Bob Menschel
Thanks for the reply Bob, your shell script worked a treat without any modification
(i am running redhat 7.3 btw).
I can now see which rules are really working. I also like the suggested scoring and
am experimenting with that now.
I also appologise for the typo in my original mail subject, I've only just noticed.
thanks again
mat
--
Cats land on their feet.
Toast lands jellyside down.
A cat glued to some jelly toast will hover in quantum indecision
perl -e'$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: \
12m m::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
Yes, of course it's the right cabl [le0: NO CARRIER]
Re: running mass-checl
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Mat,
Monday, February 16, 2004, 2:11:45 AM, you wrote:
MH> Hi,
MH> Is there a special procedure for running mass-check with my custom
MH> rules etc?
My method is documented at http://www.exit0.us/index.php/BobCorpusTest
Bob Menschel
Re: running mass-checl
Posted by Mat Harris <ma...@genestate.com>.
On Mon, Feb 16, 2004 at 09:37:04 -0500, Matt Kettler wrote:
> when you run mass check, if ../rules exists, it will use that instead of
> the global rules.
>
> Usualy when mass-checking and testing rules, it's convenient to test them
> in a "non-live" configuration. I generally do my mass checks by unpacking a
> tarball, and adding my rules to the rules subdir of the tarball.
>
thanks for the reply,
i will give that a try. I totally understand not testing on a live system, the
number of times i could have saved myself a day :)
thanks
--
Cats land on their feet.
Toast lands jellyside down.
A cat glued to some jelly toast will hover in quantum indecision
perl -e'$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: \
12m m::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
Yes, of course it's the right cabl [le0: NO CARRIER]
Re: running mass-checl
Posted by Matt Kettler <mk...@comcast.net>.
At 10:11 AM 2/16/04 +0000, Mat Harris wrote:
>Hi,
> Is there a special procedure for running mass-check with my custom
>rules etc?
>
>I have tried everything (different arguments, hacking source) but it still
>seems to only use rules shipped with the tarball i got mass-check from.
when you run mass check, if ../rules exists, it will use that instead of
the global rules.
Usualy when mass-checking and testing rules, it's convenient to test them
in a "non-live" configuration. I generally do my mass checks by unpacking a
tarball, and adding my rules to the rules subdir of the tarball.
Re: [spa] Re: bad href rule....
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 17 Feb 2004, Charles Gregory wrote:
>
> (smug look) Gee, I'm getting good at this..... :-)
> You've already got 433 of those in your corpus? They only started
> a couple of days ago.... (shake head)
>
> - Charles
>
> On Tue, 17 Feb 2004, Robert Menschel wrote:
> > Hello Charles,
> > Monday, February 16, 2004, 8:38:10 AM, you wrote:
> >
> > CG> Seeing a new run of spam with:
> > CG> {a hrefstringhref=http://bogus.url href="http://real.url"}
> >
> > CG> I think they are hoping to fool a primitive scan for 'href=' but it
> > CG> just makes for a really unambiguous spamsign. I'm scoring it high.
> > CG> We'll probably see some variations on this soon, with other things in
> > CG> front of href.....
> >
> > CG> rawbody LOC_HTMLBADHREF /href[a-z]*href/i
> > CG> describe LOC_HTMLBADHREF href(string)href in link
> > CG> score LOC_HTMLBADHREF 2.5
> >
> > LOC_HTMLBADHREF -- 433s/0h of 100794 corpus (82099s/18695h) 02/16/04
> > Bob Menschel
No, I've been seeing that junk for several weeks now.
I wrote a similar rule that is a little less discriminating but
seems to work for me.
rawbody L_FAKE_HREF /\w\whref=http:/i
describe L_FAKE_HREF Faked href to hide spammer URLs
score L_FAKE_HREF 1.7
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: [spa] Re: bad href rule....
Posted by Charles Gregory <cg...@hwcn.org>.
(smug look) Gee, I'm getting good at this..... :-)
You've already got 433 of those in your corpus? They only started
a couple of days ago.... (shake head)
- Charles
On Tue, 17 Feb 2004, Robert Menschel wrote:
> Hello Charles,
> Monday, February 16, 2004, 8:38:10 AM, you wrote:
>
> CG> Seeing a new run of spam with:
> CG> {a hrefstringhref=http://bogus.url href="http://real.url"}
>
> CG> I think they are hoping to fool a primitive scan for 'href=' but it
> CG> just makes for a really unambiguous spamsign. I'm scoring it high.
> CG> We'll probably see some variations on this soon, with other things in
> CG> front of href.....
>
> CG> rawbody LOC_HTMLBADHREF /href[a-z]*href/i
> CG> describe LOC_HTMLBADHREF href(string)href in link
> CG> score LOC_HTMLBADHREF 2.5
>
> LOC_HTMLBADHREF -- 433s/0h of 100794 corpus (82099s/18695h) 02/16/04
>
>
> Bob Menschel
>
>
>
Re: bad href rule....
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Charles,
Monday, February 16, 2004, 8:38:10 AM, you wrote:
CG> Seeing a new run of spam with:
CG> {a hrefstringhref=http://bogus.url href="http://real.url"}
CG> I think they are hoping to fool a primitive scan for 'href=' but it
CG> just makes for a really unambiguous spamsign. I'm scoring it high.
CG> We'll probably see some variations on this soon, with other things in
CG> front of href.....
CG> rawbody LOC_HTMLBADHREF /href[a-z]*href/i
CG> describe LOC_HTMLBADHREF href(string)href in link
CG> score LOC_HTMLBADHREF 2.5
LOC_HTMLBADHREF -- 433s/0h of 100794 corpus (82099s/18695h) 02/16/04
Bob Menschel
bad href rule....
Posted by Charles Gregory <cg...@hwcn.org>.
Seeing a new run of spam with:
{a hrefstringhref=http://bogus.url href="http://real.url"}
I think they are hoping to fool a primitive scan for 'href=' but it
just makes for a really unambiguous spamsign. I'm scoring it high.
We'll probably see some variations on this soon, with other things in
front of href.....
rawbody LOC_HTMLBADHREF /href[a-z]*href/i
describe LOC_HTMLBADHREF href(string)href in link
score LOC_HTMLBADHREF 2.5
- Charles