On Thu, 25 Apr 2013, Frank Gadegast wrote:
> And SA is doing it right, to remove all X-Spam-lines
> before it's starting, so that spammers cannot trick SA.
> And whatever line is inserted by ASN.pm, it needs
> to be stripped too, and that's why it's programmed
> like it is.
> But I still have no idea how to get it done in a
> perfect order, like the following
> - SA strips the X-Spam-lines
> - ASN.pm inserts its line including the AS
> - SA runs its rules and triggers also on the X-Spam-ASN-line
> Is it time to ask the developers or file a bug?
This doesn't help unless the plugin adds a pseudo-header, but in the
case of plugins that do, you can change the priority of your
rules to get them to run after the plugin.
I ran into this issue when writing rules to check the results of the
ClamAV plugin.
EG, in my "clamav.cf" file I invoke the plugin with an "eval" then have
rules to trigger off the pseudo-header that it adds. In the rules I have
lines like:
#loadplugin ClamAV /etc/mail/spamassassin/plugins/clamav.pm now done in v310.pre
#
full L_CLAMAV eval:check_clamav()
describe L_CLAMAV Clam AntiVirus detected a virus
score L_CLAMAV 3
#
header T__MY_CLAMAV X-Spam-Virus =~ /Yes/i
header T__MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
header T__MY_CLAMAV_MSRBL X-Spam-Virus =~ /Yes.{1,50}(?:MSRBL|MBL)/
header T__MY_CLAMAV_PHISH X-Spam-Virus =~ /Yes.{1,50}Phish/
header L_UI_PHISHs X-Spam-Virus =~ /Yes.{1,50}Phishing/
# Need to set the 'X-Spam-Virus' header rules to a "high" priority
# so they run late and will be evaluated -after- the plugin runs
priority T__MY_CLAMAV 9999
priority T__MY_CLAMAV_SANE 9999
priority T__MY_CLAMAV_MSRBL 9999
priority T__MY_CLAMAV_PHISH 9999
priority L_UI_PHISHs 9999
#
meta MY_CLAMAV_SANE (L_CLAMAV && T__MY_CLAMAV_SANE)
meta MY_CLAMAV_MSRBL (L_CLAMAV && T__MY_CLAMAV_MSRBL)
[snip..]
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
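
Added example, not part of the original post or of SpamAssassin: a small Python lint for the ordering issue described above. It flags header rules that test a plugin-set pseudo-header without a priority above the eval rule that invokes the plugin. The function names, the header-to-rule mapping and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the rules in the post; the PHISH rule
# deliberately has no "priority" line.
SAMPLE_CF = """\
full     L_CLAMAV            eval:check_clamav()
score    L_CLAMAV            3
header   T__MY_CLAMAV        X-Spam-Virus =~ /Yes/i
header   T__MY_CLAMAV_PHISH  X-Spam-Virus =~ /Yes.{1,50}Phish/
header   T__SUBJ_TEST        Subject =~ /invoice/i
priority T__MY_CLAMAV        9999
"""

RULE_RE = re.compile(r"^\s*(header|body|rawbody|full|uri)\s+(\S+)\s+(.*)$")
PRIO_RE = re.compile(r"^\s*priority\s+(\S+)\s+(-?\d+)\s*$")


def parse_cf(text):
    """Return ({rule: (type, definition)}, {rule: priority}) from .cf text."""
    rules, prios = {}, {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = PRIO_RE.match(line)
        if m:
            prios[m.group(1)] = int(m.group(2))
            continue
        m = RULE_RE.match(line)
        if m:
            rules[m.group(2)] = (m.group(1), m.group(3).strip())
    return rules, prios


def early_header_rules(text, pseudo_headers):
    """Names of header rules that may run before their pseudo-header exists.

    pseudo_headers maps a header name to the eval rule that triggers the
    plugin setting it (caller-supplied assumption). Rules without a
    "priority" line use the default of 0; an equal priority is treated
    as unsafe here.
    """
    rules, prios = parse_cf(text)
    producers = {h.lower(): r for h, r in pseudo_headers.items()}
    flagged = []
    for name, (rtype, definition) in rules.items():
        if rtype != "header" or not definition:
            continue
        field = definition.split()[0].split(":")[0].lower()
        producer = producers.get(field)
        if producer and prios.get(name, 0) <= prios.get(producer, 0):
            flagged.append(name)
    return sorted(flagged)
```

On the sample, only T__MY_CLAMAV_PHISH is reported, since it tests X-Spam-Virus at the default priority.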