On Thu, 15 Jun 2017, Gerald Turner wrote:
spamd[32137]: rules: meta test FREEMAIL_FORGED_FROMDOMAIN has dependency 'HEADER_FROM_DIFFERENT_DOMAINS' with a zero score
spamd[31552]: rules: meta test __FORM_FRAUD_3 has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __MONEY_FRAUD_3 has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __FORM_FRAUD_5 has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __ADVANCE_FEE_4_NEW has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __MONEY_FRAUD_8 has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __ADVANCE_FEE_2_NEW has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __MONEY_FRAUD_5 has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __ADVANCE_FEE_3_NEW has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __ADVANCE_FEE_5_NEW has dependency 'LOTTO_AGENT' with a zero score
spamd[31552]: rules: meta test __FORM_FRAUD has dependency 'LOTTO_AGENT' with a zero score
- Is there a bug with the project's sa-update channel / auto-mass-check setup?
That's what it sounds like to me - it should not be omitting or zeroing
the scores of rules that participate in metas.
Something is odd. This didn't come up on the old masscheck host, but the
score generation code should not have changed since then...
It looks like it's not setting both the net and non-net scores for a few
rules:
score FROM_IN_TO_AND_SUBJ 1.099 0.000 1.099 0.000
score HEADER_FROM_DIFFERENT_DOMAINS 0.001 0.000 0.001 0.000
score HK_SCAM_N8 2.506 0.000 2.506 0.000
score LOTTO_AGENT 2.609 0.000 2.609 0.000
The non-network-enabled scores should only be zero for rules marked as
being network-dependent rules, and *all* rules should have a nonzero
network-enabled score (which appears to be the problem here).
Something else odd is going on in the score generation: some
well-performing rules (notably URI_WP_HACKED) are now getting scored at 1
point. There are only 56 rules listed in 72_scores.cf (the output from the
masscheck score generator), the rest would be defaulting to 1 point.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If you ask amateurs to act as front-line security personnel,
you shouldn't be surprised when you get amateur security.
-- Bruce Schneier
-----------------------------------------------------------------------
3 days until SWMBO's Birthday
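
Added example, not part of the original message and not SpamAssassin project code: a small Python check that reads `score` and `meta` lines, flags rules whose network-enabled score sets (the second and fourth values) are zero, and lists the metas that depend on them. The four score lines are the ones quoted in the message; the `meta` expressions, `EXAMPLE_OK` and `__EXAMPLE_SUB` are constructed and only encode the dependencies named in the spamd warnings.

```python
import re

# Constructed sample: the first four score lines are quoted from the message;
# EXAMPLE_OK and both meta expressions are hypothetical.
SAMPLE_CF = """\
score FROM_IN_TO_AND_SUBJ 1.099 0.000 1.099 0.000
score HEADER_FROM_DIFFERENT_DOMAINS 0.001 0.000 0.001 0.000
score HK_SCAM_N8 2.506 0.000 2.506 0.000
score LOTTO_AGENT 2.609 0.000 2.609 0.000
score EXAMPLE_OK 1.5
meta FREEMAIL_FORGED_FROMDOMAIN (HEADER_FROM_DIFFERENT_DOMAINS && __EXAMPLE_SUB)
meta __FORM_FRAUD (LOTTO_AGENT + __EXAMPLE_SUB) > 1
"""

# Score set index: 0 = no Bayes/no net, 1 = no Bayes/net,
#                  2 = Bayes/no net,    3 = Bayes/net
NET_SETS = (1, 3)

def parse_cf(text):
    """Return ({rule: [s0, s1, s2, s3]}, {meta: set of names in its expression})."""
    scores, metas = {}, {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "score":
            vals = [float(v) for v in parts[2:]]
            if len(vals) == 1:          # a single value applies to all four sets
                scores[parts[1]] = vals * 4
            elif len(vals) == 4:
                scores[parts[1]] = vals
        elif len(parts) >= 3 and parts[0] == "meta":
            expr = " ".join(parts[2:])
            metas[parts[1]] = set(re.findall(r"[A-Za-z_][A-Za-z0-9_]*", expr))
    return scores, metas

def zero_in_net_sets(scores):
    """Rules scored zero in either network-enabled score set."""
    return sorted(r for r, v in scores.items() if any(v[i] == 0 for i in NET_SETS))

def broken_metas(scores, metas, score_set):
    """Map each meta to its dependencies that score zero in the given set."""
    out = {}
    for name, deps in metas.items():
        zero = sorted(d for d in deps if d in scores and scores[d][score_set] == 0)
        if zero:
            out[name] = zero
    return out

if __name__ == "__main__":
    scores, metas = parse_cf(SAMPLE_CF)
    print("zero network-enabled score:", zero_in_net_sets(scores))
    print("metas affected in set 3:", broken_metas(scores, metas, 3))
```

Sub-rules (names starting with `__`) carry no `score` line, so the check only considers rules that appear in the parsed score file.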