>But still they get through!

I've found it (a stupid mistake) - but I have to work this weekend - this will be fixed by Monday!
Thomas James Brown <[email protected]>
06.06.2009 07:33
Please reply to: ASSP development mailing list <[email protected]>
To: ASSP development mailing list <[email protected]>
Cc:
Subject: Re: [Assp-test] Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

On 06/06/2009, at 2:16 PM, Thomas Eckardt/eck wrote:

> James your regex is wrong and does not work (score 45 -> should be score
> 45 * 2.6 = 117)
>
> ~Phishing\.~=>4.6~Email.Spam\d{1,4}-SecuriteInfo~=>4.1~(Email|HTML|
> Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)
> \.~=>4.6~Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino)
> \.~=>6.1~Sanesecurity\.(Lott|Fake|SpamImg|Job|Stk)
> \.~=>6.1~Sanesecurity
> \.(Loan|Porn|Bou|Dipl|Cred)\.~=>6.1~Sanesecurity\.Jurlbl\.Auto
> \.~=>2.6~Sanesecurity\.Jurlbl\.~=>2.6~winnow\.phish\.~=>6.1~winnow
> \.spam\.~=>2.1~INetMsg\.SpamDomain-2w\.~=>2.0~INetMsg\.~=>1.0~(MSRBL-
> Images\.)~=>2.1~(MSRBL-SPAM
> \.)~=>5.1~Safebrowsing~=>1.25~Heuristics~=>1.25
>
> The regex parts (like before the code changes) have to be separated with
> '|' !

Ah, I thought the problem was that it was getting confused between the pipes in the regex and the pipe to separate the whole weighted regexes.

Have added them back in:

~Phishing\.~=>4.6|~Email.Spam\d{1,4}-SecuriteInfo~=>4.1|~(Email|HTML|
Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|
~Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino)\.~=>6.1|~Sanesecurity\.
(Lott|Fake|SpamImg|Job|Stk)\.~=>6.1|~Sanesecurity\.(Loan|Porn|Bou|Dipl|
Cred)\.~=>6.1|~Sanesecurity\.Jurlbl\.Auto\.~=>2.6|~Sanesecurity\.Jurlbl
\.~=>2.6|~winnow\.phish\.~=>6.1|~winnow\.spam\.~=>2.1|~INetMsg
\.SpamDomain-2w\.~=>2.0|~INetMsg\.~=>1.0|~(MSRBL-Images\.)~=>2.1|
~(MSRBL-SPAM\.)~=>5.1|~Safebrowsing~=>1.25|~Heuristics~=>1.25

But still they get through!

Jun-6-09 15:25:02 id-65900-01208 [Worker_1] 192.168.1.2 <[email protected] > to: [email protected] Message-Score: added 45 for virus detected: 'Sanesecurity.Jurlbl.Auto.21657.UNOFFICIAL', total score for this message is 45
Jun-6-09 15:25:02 id-65900-01208 [Worker_1] [VIRUS] 192.168.1.2 <[email protected] > to: [email protected] [spam found] (virus detected: 'Sanesecurity.Jurlbl.Auto.21657.UNOFFICIAL') [Compare auto insurance rates] -> /applications/assp/discarded/65900.eml;

> Set 'MaintenanceLog' to verbose and you should see at startup a log line
> with the regex and weight for every weighted regex.
> If not, there is something wrong!
>
> info: $name : regex $reg - weight set to $k"
> ....
> ....
> Regex $name: $count weighted regular expression defined

Startup gives:

Jun-6-09 15:28:07 [startup] Info: no valid recipient replacement rule found
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Phishing\. - weight set to 4.6
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Email.Spam \d{1,4}-SecuriteInfo - weight set to 4.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex (Email|HTML| Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\. - weight set to 4.6
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Sanesecurity \.(Hdr|Img|ImgO|Junk|Doc|Casino)\. - weight set to 6.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Sanesecurity \.(Lott|Fake|SpamImg|Job|Stk)\. - weight set to 6.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Sanesecurity \.(Loan|Porn|Bou|Dipl|Cred)\. - weight set to 6.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Sanesecurity \.Jurlbl\.Auto\. - weight set to 2.6
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Sanesecurity \.Jurlbl\. - weight set to 2.6
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex winnow\.phish \. - weight set to 6.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex winnow\.spam \. - weight set to 2.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex INetMsg \.SpamDomain-2w\. - weight set to 2.0
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex INetMsg\. - weight set to 1.0
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex (MSRBL-Images \.) - weight set to 2.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex (MSRBL-SPAM \.) - weight set to 5.1
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Safebrowsing - weight set to 1.25
Jun-6-09 15:28:07 [startup] Info: SuspiciousVirus : regex Heuristics - weight set to 1.25
Jun-6-09 15:28:07 [startup] Info: Regex SuspiciousVirus: 16 weighted regular expression defined

Thanks,
James.

------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
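
The separator rule and the expected 45 * 2.6 = 117 score discussed in this thread, as an added example (not code from ASSP or from either poster): a Python check that parses the `~regex~=>weight` list, rejects a list whose entries are not separated by `|`, and scales the base score by a matching weight. The names `parse_weighted` and `weighted_score`, the first-match rule, and keeping the unweighted score when nothing matches are assumptions; the list is the one posted above with mail-wrap whitespace removed.

```python
import re

# List as posted in the thread, with mail-wrap whitespace removed (assumption).
SPEC = (
    r"~Phishing\.~=>4.6|~Email.Spam\d{1,4}-SecuriteInfo~=>4.1|"
    r"~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|"
    r"~Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino)\.~=>6.1|"
    r"~Sanesecurity\.(Lott|Fake|SpamImg|Job|Stk)\.~=>6.1|"
    r"~Sanesecurity\.(Loan|Porn|Bou|Dipl|Cred)\.~=>6.1|"
    r"~Sanesecurity\.Jurlbl\.Auto\.~=>2.6|~Sanesecurity\.Jurlbl\.~=>2.6|"
    r"~winnow\.phish\.~=>6.1|~winnow\.spam\.~=>2.1|"
    r"~INetMsg\.SpamDomain-2w\.~=>2.0|~INetMsg\.~=>1.0|"
    r"~(MSRBL-Images\.)~=>2.1|~(MSRBL-SPAM\.)~=>5.1|"
    r"~Safebrowsing~=>1.25|~Heuristics~=>1.25"
)

# One entry: ~regex~=>weight. The regex may contain '|' but never '~'.
ENTRY = re.compile(r"~(?P<rx>[^~]+)~=>(?P<w>\d+(?:\.\d+)?)")

def parse_weighted(spec):
    """Return [(compiled_regex, weight)]; raise ValueError on a malformed list."""
    entries, pos = [], 0
    while pos < len(spec):
        m = ENTRY.match(spec, pos)
        if not m:
            raise ValueError(f"expected ~regex~=>weight at offset {pos}")
        entries.append((re.compile(m["rx"]), float(m["w"])))
        pos = m.end()
        if pos < len(spec):
            # Entries are delimited by '|' outside the ~...~ pair only.
            if spec[pos] != "|":
                raise ValueError(f"missing '|' separator at offset {pos}")
            pos += 1
    return entries

def weighted_score(entries, virus_name, base=45):
    """Scale the base score by the first matching weight (hypothetical rule)."""
    for rx, weight in entries:
        if rx.search(virus_name):
            return round(base * weight)
    return base

if __name__ == "__main__":
    rules = parse_weighted(SPEC)
    print(len(rules), weighted_score(rules, "Sanesecurity.Jurlbl.Auto.21657.UNOFFICIAL"))
```

Because the tokenizer anchors on the `~` delimiters, the `|` alternations inside a regex are never mistaken for entry separators.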
