[SAtalk] ShortMsgid

Robert Menschel Sat, 31 Jan 2004 10:01:11 -0800

Had a spate of unwanted emails, apparently empty body, very short message
ids.


Built a set of rules:

header    RM_hm_ShortMsgid06     Message-ID =~ /^.{1,6}$/
describe  RM_hm_ShortMsgid06     Message ID is too short to be valid. Possible 
spam/virus sign
score     RM_hm_ShortMsgid06     0.800  #
header    RM_hm_ShortMsgid07     Message-ID =~ /^.{1,7}$/
describe  RM_hm_ShortMsgid07     Message ID is too short to be valid. Possible 
spam/virus sign
score     RM_hm_ShortMsgid07     0.800  #
header    RM_hm_ShortMsgid08     Message-ID =~ /^.{1,8}$/
describe  RM_hm_ShortMsgid08     Message ID is too short to be valid. Possible 
spam/virus sign
score     RM_hm_ShortMsgid08     0.800  #

etc.

Results:

Section 3 -- Frequencies Log
(First numeric frequencies, followed by percentage frequencies)

OVERALL     SPAM      HAM     S/O   SCORE  NAME
  97268    79437    17831    0.817   0.00    0.00  (all messages)
     27       27        0    1.000   1.00   1.80  RM_hm_ShortMsgid13
     24       24        0    1.000   1.00   1.80  RM_hm_ShortMsgid12
     21       21        0    1.000   1.00   1.80  RM_hm_ShortMsgid11
     16       16        0    1.000   1.00   1.80  RM_hm_ShortMsgid10
     13       13        0    1.000   1.00   1.80  RM_hm_ShortMsgid09
     12       12        0    1.000   1.00   1.80  RM_hm_ShortMsgid08
     11       11        0    1.000   1.00   1.80  RM_hm_ShortMsgid07
     10       10        0    1.000   1.00   1.80  RM_hm_ShortMsgid06
    139      125       14    0.667   0.24   1.80  RM_hm_ShortMsgid18
    108       94       14    0.601   0.15   1.80  RM_hm_ShortMsgid17
     89       75       14    0.546   0.09   1.80  RM_hm_ShortMsgid16
     51       41       10    0.479   0.04   1.80  RM_hm_ShortMsgid15
     43       33       10    0.426   0.00   1.80  RM_hm_ShortMsgid14

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
  97268    79437    17831    0.817   0.00    0.00  (all messages)
100.000  81.6682  18.3318    0.817   0.00    0.00  (all messages as %)
  0.028   0.0340   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid13
  0.025   0.0302   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid12
  0.022   0.0264   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid11
  0.016   0.0201   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid10
  0.013   0.0164   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid09
  0.012   0.0151   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid08
  0.011   0.0138   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid07
  0.010   0.0126   0.0000    1.000   1.00    1.80  RM_hm_ShortMsgid06
  0.143   0.1574   0.0785    0.667   0.24    1.80  RM_hm_ShortMsgid18
  0.111   0.1183   0.0785    0.601   0.15    1.80  RM_hm_ShortMsgid17
  0.091   0.0944   0.0785    0.546   0.09    1.80  RM_hm_ShortMsgid16
  0.052   0.0516   0.0561    0.479   0.04    1.80  RM_hm_ShortMsgid15
  0.044   0.0415   0.0561    0.426   0.00    1.80  RM_hm_ShortMsgid14

Shortest message id in ham was 14 chars long. Leave one character of
elbow room, and I'm adding the following rule to my custom rule set:

header    RM_hm_ShortMsgid12     Message-ID =~ /^.{1,12}$/
describe  RM_hm_ShortMsgid12     Message ID is too short to be valid. Possible 
spam/virus sign
score     RM_hm_ShortMsgid12     1.800  # 24s/0h of 97268 corpus (79437s/17831h) 
01/29/04

Bob Menschel






-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] ShortMsgid

Reply via email to