[Mimedefang] Fw: [Sare-users] Spam with numbers in subj and body
Kevin A. McGrail
kmcgrail at pccc.com
Thu Jun 8 08:39:20 EDT 2006
> That __KAM_NUMBER2 test is identical to: "body NAME /\d/", or
> it matches every mail that contains a number in the body. Now I'm
> obviously in the wrong domain to perform a good test on that, but
> just as an example I took the archives of this mailinglist as far
> as I had it online, and I found 7881 matching messages out of
> 8860 (89%), while in some pseudo-random sampling of spam I have
> here, it's 4678 messages out of 5112 (91.5%).
__ marks rules that are partial rules. Therefore, you are taking it out of context by running it in a standalone capacity.
I'm aware that it marks any email that has digits in the body. My plan is to change it to {3,6} because my theory is that the number emails all have numbers greater than 3. If you or others have input on this fact, I'd like it to hear it. However, I have received very few of these emails though I have definitely tracked their passing on numerous servers.
Rules are a gradual process for me. I build rules, refine, test and then move then eventually if I feel it has mass-desire, I move it into the SA rulesrc sandbox for further testing and promotion on the SA Nightly Mass Checks. But, taking a partial rule and claiming it has False Positives and using it against me is bad evidence. If you can point out a false positive/negative caused by the rule as a whole, I'm open to suggestions and comments, but I really feel quite attacked over what was trying to be a helpful.
In the meantime, I'll submit the rule to the SA sandbox for masschecks on it earlier than I would have with 1,6 and we'll see what the SA corpus response is like for FPs. The committed revision was 412731.
Sincerely,
KAM
More information about the MIMEDefang
mailing list