I've been running SA for about three weeks, and in the last week or so 
have tried to study the code to better understand the theory of 
operation and to be able to extend SA by suggesting additional rules or 
refining existing ones.

One thing I just can't wrap my head around, though, is the negative 
score for RATWARE.  While it may have been produced legitimately by the 
GA, the result is that for RATWARE (and I think there are some other 
examples, but I can't point to them offhand) the rule is rendered 
ineffective as a spam trigger, and in the case of RATWARE, it can (and 
should) be the tipping point for a questionable message.

I'd like to argue that RATWARE should be given a manual score, since 
it's not really a single rule, but a market-basket of possible spam 
markers.  Thus its score, and effectiveness, is completely dependent on 
exactly what expressions are put in the pattern.  Most importantly, a 
single string that itself is a false positive (either it's a mailer that 
is not ~100% spamware *or* it appears legitimately elsewhere in the 
header) will create a negative score for the *whole* rule, not just that 
pattern!

So it seems to me that either RATWARE should have a manual score 
assigned to it based on overall effectiveness, or, if it remains in the 
GA-derived scores, should be pared down to a core of spam mailer 
patterns that we have an extremely high confidence in.  Otherwise the 
rule is somewhat self-defeating, as I found out last week when I added a 
pattern to it locally to try to block a very persistent spam
(the joke-of-the-day/cartoon-of-the-day/vitafactory spam, which all use 
a ratware mailer called StormPost).

I see from the list archives that there have been some differences of 
opinion about RATWARE but it looks like a good rule to me, if only the 
patterns were tighter and the score rational.

--
Michael C. Berch
[EMAIL PROTECTED]
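
The per-pattern audit the post argues for, as an added example that is not part of the original message and is not SpamAssassin code. It does not model the GA; it only measures hit counts, and shows how one loose alternative supplies every ham hit of a combined rule. The corpus, the `BulkBlaster` and `Express` patterns, and all function names are constructed for illustration; only StormPost is named in the post.

```python
import re
from collections import Counter

# Constructed sample corpus: (label, X-Mailer header value). Not real mail.
CORPUS = [
    ("spam", "StormPost 1.0"),
    ("spam", "StormPost 1.0"),
    ("spam", "BulkBlaster 2.1"),
    ("spam", "MegaMailer Pro Express"),
    ("ham", "Newsletter Express 4"),
    ("ham", "Newsletter Express 4"),
    ("ham", "Newsletter Express 4"),
    ("ham", "Mutt/1.4"),
]

# Hypothetical sub-patterns of one combined rule. "Express" is the loose one:
# it also matches a mailer name that appears in legitimate mail.
PATTERNS = [r"StormPost", r"BulkBlaster", r"Express"]


def hit_counts(pattern, corpus=CORPUS):
    """Return (spam_hits, ham_hits) for one regex over the labelled corpus."""
    rx = re.compile(pattern)
    hits = Counter(label for label, header in corpus if rx.search(header))
    return hits["spam"], hits["ham"]


def combined(patterns):
    """Join sub-patterns into the single alternation a combined rule uses."""
    return "|".join(f"(?:{p})" for p in patterns)


def audit(patterns, corpus=CORPUS):
    """Hit counts for each sub-pattern alone and for the combined rule."""
    rows = {p: hit_counts(p, corpus) for p in patterns}
    rows["<combined>"] = hit_counts(combined(patterns), corpus)
    return rows


def precision(spam_hits, ham_hits):
    """Fraction of hits that were spam; None if the pattern never hit."""
    total = spam_hits + ham_hits
    return spam_hits / total if total else None


if __name__ == "__main__":
    for name, (spam, ham) in audit(PATTERNS).items():
        print(f"{name:12s} spam={spam} ham={ham} precision={precision(spam, ham)}")
```

Anything that scores the rule as a whole sees only the `<combined>` row; the per-pattern rows are what identify which alternative to drop or split into its own rule.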