Hi my reasons are: - More small sums added gives more reliability and less false positives than a large amount added just once. Thus more files, more reliability. - Users (sysadmins) could maintain their own spambomb lists without the risk of one being eliminated as happened with scriptRe today (I had this idea for months, but this tricked me to make the post). - it is not clear (at least I did not find) anywhere that could assure me that more than one line would be tested in a particular spambomb file. I still believe that it stops once it finds the first line that evaluates to truth, rendering the weighting system not very useful. Please inform if misunderstood it somehow. - if we want granularity, each spambomb file should test each line till the end and sum the weights. If lines do not have weigh, the weight should be 1. - It should be allowed negative weights in all files, so I could have suspicious words with positive weights and desirable words with negative weights in the same file. That would be cool. -If one decides to change the main valence for a spambomb file, than he MUST revise the entire file and change all line weights according to the new value to avoid those lines crossing the threshold and giving unexpected dangerous results. This alone has kept me from using weights! - The current weighting system is a bit weird (or at least unusual) and somewhat difficult to decide what weight we are going to give to a line because of the two weights systems based on a threshold. One have to think a lot before deciding the weight and the consequences. It would be easier with no threshold switching and just multiplier weights or different typing lines for absolute or multiplying weights. (In short: if the weighting system is difficult to understand, than multiple files would be preferable. Writing the weighted lines in a subtle different way for multiplying or absolute weight would be welcome).
Additional info: - BlackRe - Regular Expression to Identify Spam Strictly** (blackRe) should work and BLOCK mails by itself including whitelisted ones, but it still lets emails with whiza_dot_net andother URIBL pass. Thanks, Hilário Fochi Silveira At 14:17 2009-08-24, you wrote: > >Suggestion: Allow the administrator to create new > >bomb files at will with its own title, selection > >of score/block/monitoring, and score value. > >They would appear at the end of "Regex Filters / > >Spambomb" section and buttons would > >ppear/disappear in the exact same way the "Edit > >File" button appear or disappears according to > >the existence or not of the corresponding file: setting. > >We have: > >- bombSenderRe >- bombHeaderRe >- bombSubjectRe >- bombCharSets >- bombRe >- bombDataRe >- bombSuspiciousRe >- blackRe >- scriptRe > >All of them are weightable ! > >I cannot find a reason for any additional bomb definition. > >Thomas > > > > >Hilário Fochi Silveira <assp-t...@soliton.com.br> >24.08.2009 19:01 >Bitte antworten an >ASSP development mailing list <assp-test@lists.sourceforge.net> > > >An >ASSP development mailing list <assp-test@lists.sourceforge.net>, ASSP >development mailing list <assp-test@lists.sourceforge.net> >Kopie > >Thema >[Assp-test] Spambomb problems and suggestions. > > > > > > >Hello, > >I've noticed that some spambomb settings had been eliminated: > * bombError:=550 5.7.1.4 Your email appears to be spam (bombError) ... > * bombErrorReason:=1 > * DoScriptRe:=3 > * scriptRe:=file:rules/bomb_scriptRe.txt > * scriptError:=550 Your email appears to be spam (scriptError) ... >a) >It is unfortunate, because for example, I used t >scriptRe as an additional bomb file setting to >store a different setting of suspicious words >(and thus add points if a particular spam had >words in both suspicious and scriptRe > >Suggestion: Allow the administrator to create new >bomb files at will with its own title, selection >of score/block/monitoring, and score value. >They would appear at the end of "Regex Filters / >Spambomb" section and buttons would >appear/disappear in the exact same way the "Edit >File" button appear or disappears according to >the existence or not of the corresponding file: setting. > >b) >I was using the bomb error report to track if >spambomb was working or not. And it is not perfect yet (see next line). > >c) >ASSP up to Version: 1.5.1.7(0.0.06) continues to >accept e-mails with URIBL like whiza_dot_net that >should be strictly blocked by URIBL as well as BlackRe Strictly. >No 550 logs of either URIBL or Spambomb BlackRe Strick. > >Hope this helps. > >Hilário Fochi Silveira >------------------------------------------------------------------------------ >Let Crystal Reports handle the reporting - Free Crystal Reports 2008 >30-Day >trial. Simplify your report design, integration and deployment - and focus >on >what you do best, core application coding. Discover what's new with >Crystal Reports now. http://p.sf.net/sfu/bobj-july >_______________________________________________ >Assp-test mailing list >Assp-test@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/assp-test > > > > >DISCLAIMER: >******************************************************* >This email and any files transmitted with it may be confidential, legally >privileged and protected in law and are intended solely for the use of the > >individual to whom it is addressed. >This email was multiple times scanned for viruses. There should be no >known virus in this email! >******************************************************* > >------------------------------------------------------------------------------ >Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day >trial. Simplify your report design, integration and deployment - and focus on >what you do best, core application coding. Discover what's new with >Crystal Reports now. http://p.sf.net/sfu/bobj-july >_______________________________________________ >Assp-test mailing list >Assp-test@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
