-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Coffey, Neal wrote:
> Rosenbaum, Larry M. wrote:
>> This matches the spam message, but it also matches messages where the
>> number is followed by a blank line and more text, which is a false
>> positive.
>>
>> In all cases I got the same results. What am I missing?
>
> Try a compound rule. Look for the number, and then anything that's not
> a number. (Mind the line wrapping, of course.)
>
> body ORNL_B0RKEN1_SHORTNUM /^\d{3,5}\n{1,3}$/s
> body ORNL_B0RKEN1_BODYTEXT /[a-zA-Z]/
> meta ORNL_B0RKEN1 (ORNL_B0RKEN1_SHORTNUM &&
> ORNL_B0RKEN1_BODYTEXT)
> describe ORNL_B0RKEN1 B0rken spamware, message just
> contains a short number
> score ORNL_B0RKEN1 1.0
>
> That'll prevent the rule from matching if there's so much as a single
> letter in the body.
>
Actually, that'll only hit if there's a 3-5 digit number followed by 1
to 3 \n characters *AND* there *ARE* alphabetical characters in the body.
I'm guessing this isn't what you want.
your meta should probably look like (!ORNL_B0RKEN1_BODYTEXT &&
ORNL_B0RKEN1_SHORTNUM)
(this is untested, but should work as expected)
Alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFdiJQE2gsBSKjZHQRAtfXAJ9YMWfkxAx7Oq31DilaqdGCqA9WegCgvBaL
9ld47BoNnFo2ePYG3IlcK0k=
=DQ7t
-----END PGP SIGNATURE-----
