Re: [SAtalk] 2.11 released

2002-03-04 Thread Jeremy Mates
Hrmm, even better would be the following header check, which should be faster to process and harder to fake: header PGP_MIME_SIGNATURE Content-Type =~ /multipart\/signed; micalg.*application\/pgp-signature"/s describe PGP_MIME_SIGNATURE Contains PGP-signed MIME attatchement Due to every m

Re: [SAtalk] 2.11 released

2002-03-04 Thread Jeremy Mates
* Duncan Findlay <[EMAIL PROTECTED]> [2002-03-04T20:19-0800]: > This is signed - mutt style. (I'm not really sure how this turns out in > other MUA's. I think it's a multpart mime message. multipart/signed, and apparently not matched by the rawbody PGP_SIGNATURE rule in SA 2.11. Maybe an additio

Re: [SAtalk] 2.11 released

2002-03-04 Thread Duncan Findlay
On Tue, Mar 05, 2002 at 10:43:38AM +0700, Olivier Nicole wrote: > > > It would need to check that the strings between BEGIN and END is in a > > > proper format that belongs tp PGP, even if PGP cannot finish > > > validating the signed text. > > > > And what is that format? > > > Well I have no

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
> > It would need to check that the strings between BEGIN and END is in a > > proper format that belongs tp PGP, even if PGP cannot finish > > validating the signed text. > > And what is that format? Well I have no idea, I beleive that could be solved by a call to PGP, where PGP would abort say

Re: [SAtalk] 2.11 released

2002-03-04 Thread Duncan Findlay
On Tue, Mar 05, 2002 at 09:55:25AM +0700, Olivier Nicole wrote: > > > OK then only check that the thingy bellow BEGIN PGP SIGNATURE--- > > > is a valid signature. That should be quick. > > I think validate = verify. > > It does not need to be the same. > > For example it does not need to hav

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
> > OK then only check that the thingy bellow BEGIN PGP SIGNATURE--- > > is a valid signature. That should be quick. > I think validate = verify. It does not need to be the same. For example it does not need to have the public key of the one signing, nor it needs to calculate the hash for th

Re: [SAtalk] 2.11 released

2002-03-04 Thread Duncan Findlay
On Tue, Mar 05, 2002 at 09:20:22AM +0700, Olivier Nicole wrote: > >Please don't verify the signature. Some things are best left to the MUA. > >Verifying takes a LONG time, in some cases. My MUA also verifies. Does it > >make sense for both to do so? > > OK then only check that the thingy bellow -

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
>Please don't verify the signature. Some things are best left to the MUA. >Verifying takes a LONG time, in some cases. My MUA also verifies. Does it >make sense for both to do so? OK then only check that the thingy bellow BEGIN PGP SIGNATURE--- is a valid signature. That should be quick. Oli

Re: [SAtalk] 2.11 released

2002-03-04 Thread dman
On Mon, Mar 04, 2002 at 09:01:45PM -0500, Duncan Findlay wrote: | On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote: | > Me thinks it would even be a good thing is SA could verify the signature :) | > | > But where to get the key from? | > | | Please don't verify the signature. Som

Re: [SAtalk] 2.11 released

2002-03-04 Thread Craig Hughes
I agree. Verifying is probably overkill, and definitely slow, and the MUA's job. Actually, probably not the MUA's job, but the MUA should call something to do the job. C On Mon, 2002-03-04 at 18:01, Duncan Findlay wrote: > On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote: > > Me

Re: [SAtalk] 2.11 released

2002-03-04 Thread Duncan Findlay
On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote: > Me thinks it would even be a good thing is SA could verify the signature :) > > But where to get the key from? > Please don't verify the signature. Some things are best left to the MUA. Verifying takes a LONG time, in some cases

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
Me thinks it would even be a good thing is SA could verify the signature :) But where to get the key from? Olivier > | Playing devil's advocate, all the spammers have to do is add the text: > | > | -BEGIN PGP SIGNATURE- > | > | > | They don't actually have to sign anything. Put it at t

Re: [SAtalk] 2.11 released

2002-03-04 Thread Gunter Ohrner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Monday, 4. March 2002 04:01 schrieb Duncan Findlay: > > Interesting negative scores: > > score INCREASE_SALES -1.273 > > score CASHCASHCASH -0.839 > > score OPPORTUNITY-0.651 (...) > And even if

Re: [SAtalk] 2.11 released

2002-03-04 Thread Theo Van Dinter
On Mon, Mar 04, 2002 at 10:00:20AM -0800, Craig Hughes wrote: > way to go pointing out tips for the spammers :) I try not to underestimate my enemies -- I think the spammers would have figured this one out on their own. ;) -- Randomly Generated Tagline: "Smoking kills. If you're killed, you've

Re: [SAtalk] 2.11 released

2002-03-04 Thread Craig Hughes
Thanks Theo, way to go pointing out tips for the spammers :) C On Mon, 2002-03-04 at 07:22, Theo Van Dinter wrote: > On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote: > > folks. I don't think that Spammers are going to go through all the > > trouble of obtaining a PGP key and s

Re: [SAtalk] 2.11 released

2002-03-04 Thread dman
On Mon, Mar 04, 2002 at 10:22:05AM -0500, Theo Van Dinter wrote: | On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote: | > folks. I don't think that Spammers are going to go through all the | > trouble of obtaining a PGP key and signing their messages just to | > slip one past SpamA

RE: [SAtalk] 2.11 released

2002-03-04 Thread Craig Hughes
On Sun, 2002-03-03 at 21:16, Michael Moncur wrote: > NEGATIVE SCORES that weren't indended to be: > (probably by now most of these are just bad rules and should be set to zero) Setting these to 0 without introducing new nonspam-identifying rules to replace them will greatly (very greatly) increas

Re: [SAtalk] 2.11 released

2002-03-04 Thread Craig Hughes
Not necessarily in more nonspam than spam, but in a significant amount of nonspam. Raising the scores on these (and I tried with each) will severely increase the rate of false positives. C On Sun, 2002-03-03 at 18:22, Matthew Cline wrote: > On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote

Re: [SAtalk] 2.11 released

2002-03-04 Thread Theo Van Dinter
On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote: > folks. I don't think that Spammers are going to go through all the > trouble of obtaining a PGP key and signing their messages just to > slip one past SpamAssassin. Playing devil's advocate, all the spammers have to do is add th

RE: [SAtalk] 2.11 released

2002-03-04 Thread Seth H. Bokelman
MAIL PROTECTED]] On Behalf Of Michael Moncur Sent: Sunday, March 03, 2002 11:16 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] 2.11 released > I just pushed out the new scores (and a bugfix or two) as 2.11 The new scores look MUCH better. By the way, using my corrected scores with 2.1 for the la

RE: [SAtalk] 2.11 released

2002-03-03 Thread Michael Moncur
> I just pushed out the new scores (and a bugfix or two) as 2.11 The new scores look MUCH better. By the way, using my corrected scores with 2.1 for the last few days, I've had excellent results. Not a single false positive and only a couple missed spams. I think the new scores will be even bette

Re: [SAtalk] 2.11 released

2002-03-03 Thread Duncan Findlay
On Sun, Mar 03, 2002 at 06:22:03PM -0800, Matthew Cline wrote: > On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote: > > I just pushed out the new scores (and a bugfix or two) as 2.11 > > > > The new scores are done by constraining the GA more, using Michael Moncur's > > submitted scores as a

Re: [SAtalk] 2.11 released

2002-03-03 Thread Matthew Cline
On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote: > I just pushed out the new scores (and a bugfix or two) as 2.11 > > The new scores are done by constraining the GA more, using Michael Moncur's > submitted scores as a starting point, and then hand-tweaking the output > where basically any -

[SAtalk] 2.11 released

2002-03-03 Thread Craig R Hughes
I just pushed out the new scores (and a bugfix or two) as 2.11 The new scores are done by constraining the GA more, using Michael Moncur's submitted scores as a starting point, and then hand-tweaking the output where basically any -ve scores that came out but which only existed in the corpus as