Re: How do I find a parent rule for a test?

Mon, 16 Sep 2013 10:21:22 -0700 

Hi John,

Thanks for the reply. I could get the above said rule as a "meta" one.
Thanks for that. One more thing I was hoping you could help me with.

Can you explain as to what's the difference between rules under
"./rules" and under "./rulesrc/sandbox/" directory? The reason I want
to know this is because I've a requirement where I want to disable
everything (meaning *all* rules) except a locally hosted URIBL). I was
hoping that I could do this by adding the output of the below command.
(running in the source code).

cat rules/*.cf  | grep -E '^(header|body)'  | awk '{print $2}' | sed
's/^/score /' | sed 's/$/ 0/'

But, to my surprise, it didn't help. I still had various checks stull
getting applied like __HAS_TO, __HAS_ERRORS_TO etc etc. Any idea as to
what can be done about that?


On Mon, Sep 16, 2013 at 10:07 PM, John Hardin <jhar...@impsec.org> wrote:
> On Mon, 16 Sep 2013, Abhijeet Rastogi wrote:
>
>> Problem is, how do I know that a certain rule like __RCVD_IN_NJABL is
>> a base rule for others?
>
>
> The two leading underscores in the rule name indicate that the rule, by
> itself, is not assigned a score, thus, by itself, does not affect the
> overall score of the message at all. It must appear in a "meta" rule,
> possibly with other rules, before it can be assigned a score and affect the
> overall message score. So, at the most basic level, any rule having a name
> that starts with two underscores is _inherently_ a base for other rules.
>
> In order to determine *which* rules it's a base for, you have to look for
> that rule name in the config files. This isn't too easy to do online, you
> pretty much have to grep the rules files in a local install.
>
> --
>  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>  jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
>  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
>   adware architecture incorporating spyware, profiling, competitor
>   suppression and delivery confirmation (U.S. Patent #20070157227)
> -----------------------------------------------------------------------
>  Tomorrow: the 226th anniversary of the signing of the U.S. Constitution



-- 
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com

Reply via email to