On Sun, 3 May 2009, Michael Monnerie wrote:
I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM
with a German announcement from Paypal about changing their general
terms and conditions. Maybe those rules can be optimized?
This came up back in March. I'm a little surprised there hasn't been any
action on it, as a Bugzilla ticket was supposedly opened.
Here's the off-list discussion I had with Schwaller Remo, who originally
reported it (accents lost, sorry):
---------------------------------
On Fri, 13 Mar 2009, John Hardin wrote:
On Fri, 13 Mar 2009, Schwaller Remo wrote:
> Well, unfortunately it involves changes to the stock rule. If you
> send me a specific rule that's causing you problems, and the
> specific legitimate word it is matching on that's problematic, I'll
> send you an example of what you'd do.
thanks a lot for your help. the part "vollum" from the German word
"vollumfnglich" triggers the Valium Rules.
X-Spam-Status: Yes, score=5.0 required=4.0 tests=FRT_VALIUM1,FRT_VALIUM2,
    FUZZY_VLIUM autolearn=disabled version=3.2.4
X-Spam-Report: * 1.9 FRT_VALIUM2 BODY: ReplaceTags: Valium (2)
    * 0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam
    * 3.0 FRT_VALIUM1 BODY: ReplaceTags: Valium
Okay, here are the base rules:
body FRT_VALIUM1 /<inter W0><post P2>\b(?!valium)<V><A><L><I><U><M>/i
body FRT_VALIUM2 /<inter SP2><post P2>\b(?!valium)<V><A><L><I><U><M>/i
You'd first turn off the base rules:
score FRT_VALIUM1 0
score FRT_VALIUM2 0
Then create substitute versions. There are two ways you could do this.
(1) Prohibit the specific FP:
body FRT_VALIUM1_REMO /<inter W0><post P2>\b(?!valium|vollum)<V><A><L><I><U><M>/i
body FRT_VALIUM2_REMO /<inter SP2><post P2>\b(?!valium|vollum)<V><A><L><I><U><M>/i
or (2) ignore anything after the match:
body FRT_VALIUM1_REMO /<inter W0><post P2>\b(?!valium)<V><A><L><I><U><M>\b/i
body FRT_VALIUM2_REMO /<inter SP2><post P2>\b(?!valium)<V><A><L><I><U><M>\b/i
Both have their advantages and disadvantages.
Finally, score them and tell ReplaceTags to process them:
score FRT_VALIUM1_REMO 3.0
score FRT_VALIUM2_REMO 1.9
replace_rules FRT_VALIUM1_REMO FRT_VALIUM2_REMO
I suggest you put these in a separate .cf file in /etc/spamassassin
---------------------------------
On Thu, 19 Mar 2009, Schwaller Remo wrote:
hi john
sorry for my late reply.
> ...
> Finally, score them and tell ReplaceTags to process them:
> score FRT_VALIUM1_REMO 3.0
> score FRT_VALIUM2_REMO 1.9
> replace_rules FRT_VALIUM1_REMO FRT_VALIUM2_REMO
> I suggest you put these in a separate .cf file in /etc/spamassassin
thanks a lot for your help. it's implemented and works like a charm :)
kind regards + best wishes
remo
Hooray! I am pleased to hear it's working for you.
I wonder if the SA devs will adjust the base rule? You might want to put
your override rule onto the Bugzilla ticket as an attachment so they can
see something that works.
---------------------------------
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Windows Genuine Advantage (WGA) means that now you use your
computer at the sufferance of Microsoft Corporation. They can
kill it remotely without your consent at any time for any reason;
it also shuts down in sympathy when the servers at Microsoft crash.
-----------------------------------------------------------------------
6 days until the 64th anniversary of VE day
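
An added illustration of the two override styles discussed in the thread above (not part of the original messages and not SpamAssassin's own code): this Python sketch expands the three FRT_VALIUM1 variants and reports which of them fire on constructed sample lines. The tag bodies and the `W0` and `P2` expansions are stand-in assumptions, chosen only so that the reported hit on "vollum" reproduces.

```python
import re

# Stand-in tag bodies: assumptions for this sketch, NOT the definitions shipped
# with SpamAssassin. A accepts "o" and I accepts "l" so the reported hit reproduces.
TAGS = {"V": "v", "A": "[a@4o0]", "L": "[l1|]", "I": "[i1l!|]", "U": "[uv]", "M": "m"}
INTER = {"W0": r"\W?"}   # assumed: optional non-word character between letters
POST = {"P2": "{1,2}"}   # assumed: each letter may appear once or twice

# Rule bodies as quoted in the thread (the /i flag is applied in expand()).
BASE = r"<inter W0><post P2>\b(?!valium)<V><A><L><I><U><M>"
OPT1 = r"<inter W0><post P2>\b(?!valium|vollum)<V><A><L><I><U><M>"
OPT2 = r"<inter W0><post P2>\b(?!valium)<V><A><L><I><U><M>\b"
RULES = {"base": BASE, "opt1": OPT1, "opt2": OPT2}

def expand(rule):
    """Expand <inter X>, <post Y> and <TAG> markers into a compiled regex."""
    inter = post = ""
    m = re.search(r"<inter (\w+)>", rule)
    if m:
        inter, rule = INTER[m.group(1)], rule.replace(m.group(0), "")
    m = re.search(r"<post (\w+)>", rule)
    if m:
        post, rule = POST[m.group(1)], rule.replace(m.group(0), "")
    # "inter" goes between adjacent tags, "post" after every tag.
    rule = re.sub(r"(<\w+>)(?=<\w+>)", lambda t: t.group(1) + inter, rule)
    rule = re.sub(r"<(\w+)>", lambda t: TAGS[t.group(1)] + post, rule)
    return re.compile(rule, re.IGNORECASE)

def fired(text):
    """Return the names of the rule variants that match the text."""
    return [name for name, rule in RULES.items() if expand(rule).search(text)]

# Constructed sample lines (not taken from real mail).
SAMPLES = [
    "Sie stimmen vollumfnglich zu",  # the false positive word, accents lost
    "cheap v@lium today",            # obfuscated token standing alone
    "V@LIUMonline",                  # obfuscated token run into more letters
    "Valium 5 mg",                   # plain spelling, excluded by the lookahead
    "the vallum earthwork",          # a different legitimate word
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:34} -> {fired(s)}")
```

Under these stand-ins, option (1) silences only the listed word, while option (2) silences any longer word that merely begins with a match but also stops firing when an obfuscated token runs straight into following letters. Neither variant changes the result for a different legitimate word that matches the pattern in full.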