From: Charles Gregory <cgreg...@hwcn.org>
   Date: Fri, 1 May 2009 10:48:00 -0400 (EDT)
   
   Uh, what do these 'ratware' rules trigger on? 

The rules trigger on spam with a particular Message-Id and boundary pattern.

   How effective are they, and what are the chances of false positives?

For last month the KB_RATWARE_OUTLOOK_08 rule hits 
21% of spam (4665 hits out of 21748 spam).   It works great here.
I haven't seen any FP.  Your mileage may vary.

I got the rules from Karsten's sandbox:
http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/kb/70_misc.cf

I would imagine that these rules will eventually show up in sa-update.
-jeff

   
   On Thu, 30 Apr 2009, LuKreme wrote:
   > (single lines)
   > header  KB_RATWARE_OUTLOOK_16  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{8})\$.{100,400}boundary="----=_NextPart_000_...._\1\.\2/msi
   > # "
   >
   > header  KB_RATWARE_OUTLOOK_12  ALL =~ /^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{4})[0-9a-f]{4}\$.{100,400}boundary="----=_NextPart_000_...._\1\.\2/msi
   > # "
   >
   > header  KB_RATWARE_BOUNDARY    ALL =~ /^Message-Id: <....([0-9a-f]{8})\$[0-9a-f]{8}\$.{100,400}boundary="----=_NextPart_000_...._\1\./msi
   > # "
   >
   > score KB_RATWARE_BOUNDARY 2.0
   > score KB_RATWARE_OUTLOOK_16 0.1
   >
   >
   > -- 
   > Exit, pursued by a bear.
   >
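
Added example (not part of the original thread, and not SpamAssassin's own code): the three quoted regexes run with Python's re module over a constructed header block, to show that they fire when the MIME boundary repeats the hex groups captured from the Message-Id. The sample headers, the helper names and the use of a plain header string in place of SpamAssassin's ALL pseudo-header are assumptions.

```python
import re

# Regex bodies copied from the quoted rules; Perl /msi maps to re.M | re.S | re.I.
FLAGS = re.M | re.S | re.I
RULES = {
    "KB_RATWARE_OUTLOOK_16":
        r'^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{8})\$.{100,400}'
        r'boundary="----=_NextPart_000_...._\1\.\2',
    "KB_RATWARE_OUTLOOK_12":
        r'^Message-Id: <....([0-9a-f]{8})\$([0-9a-f]{4})[0-9a-f]{4}\$.{100,400}'
        r'boundary="----=_NextPart_000_...._\1\.\2',
    "KB_RATWARE_BOUNDARY":
        r'^Message-Id: <....([0-9a-f]{8})\$[0-9a-f]{8}\$.{100,400}'
        r'boundary="----=_NextPart_000_...._\1\.',
}
COMPILED = {name: re.compile(rx, FLAGS) for name, rx in RULES.items()}


def make_headers(boundary_tail):
    """Constructed header block; only the tail of the MIME boundary varies."""
    return (
        "Message-Id: <000801c9ca5e$1a2b3c4d$0100007f@example.invalid>\n"
        'From: "Sender" <sender@example.invalid>\n'
        "To: <rcpt@example.invalid>\n"
        "Subject: constructed sample\n"
        "Date: Fri, 1 May 2009 10:00:00 -0400\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/alternative;\n"
        '\tboundary="----=_NextPart_000_0005_' + boundary_tail + '"\n'
    )


def rules_hit(headers):
    """Return the names of the quoted rules whose regex matches the headers."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(headers))


if __name__ == "__main__":
    samples = {
        "boundary repeats both Message-Id groups": "01C9CA5E.1A2B3C4D",
        "boundary repeats only the first group": "01C9CA5E.99999999",
        "boundary unrelated to Message-Id": "01C9CA61.77AA10F0",
    }
    for label, tail in samples.items():
        print(f"{label}: {rules_hit(make_headers(tail)) or 'no hits'}")
```

The backreferences \1 and \2 are what tie the boundary to the Message-Id, and the /i flag lets the lowercase Message-Id hex match the uppercase boundary hex.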
