using V2 the following is the case (and mostly this is also happen to V1) >Thus more files, more reliability. there is no reason to use more files - more files -> more confusing minds Just learn something (some more) about Perl regular expressions - and you'll see that 2/3 files are enough
>scriptRe is still available (and you can combine files, moving the lines to an other one) >that more than one line would be tested all lines are tested - all bombs are detected - but the resulting penalty is restricted to bombMaxPenaltyVal only the matching bomb with the highest PBvalue is logged per default - if you want to see all, set BombLog to verbose >each spambomb file should test each line till the end No - headerbomb files are testing the header - databomb files testing the data - black, script and suspiciouse are testing the complete mail >If lines do not have weight, the weight should be 1 this is the case >It should be allowed negative weights this is the case >If one decides to change the main valence for a >spambomb file, than he MUST revise the entire >file only if he wants to change the relation valence * weight >The current weighting system is a bit weird (or >at least unusual) and somewhat difficult it is as flexible as possible - and yes you have to think about what you want to do - and some mathematics will help - BlackRe - Regular Expression to Identify Spam >Strictly** (blackRe) should work and BLOCK mails >by itself including whitelisted ones, but it >still lets emails with whiza_dot_net andother URIBL pass. this works! - and what has BlackRe to do with URIBL? all bomb tests blocking whitelisted mails if bombReWL is selected Please keep in mind: V1 is for beginners - V2 is much more flexible, but also much more complex - before you switch to V2 Thomas Hilário Fochi Silveira <assp-t...@soliton.com.br> 24.08.2009 20:58 Bitte antworten an ASSP development mailing list <assp-test@lists.sourceforge.net> An ASSP development mailing list <assp-test@lists.sourceforge.net> Kopie Thema Re: [Assp-test] Antwort: Spambomb problems and suggestions. Hi my reasons are: - More small sums added gives more reliability and less false positives than a large amount added just once. Thus more files, more reliability. - Users (sysadmins) could maintain their own spambomb lists without the risk of one being eliminated as happened with scriptRe today (I had this idea for months, but this tricked me to make the post). - it is not clear (at least I did not find) anywhere that could assure me that more than one line would be tested in a particular spambomb file. I still believe that it stops once it finds the first line that evaluates to truth, rendering the weighting system not very useful. Please inform if misunderstood it somehow. - if we want granularity, each spambomb file should test each line till the end and sum the weights. If lines do not have weigh, the weight should be 1. - It should be allowed negative weights in all files, so I could have suspicious words with positive weights and desirable words with negative weights in the same file. That would be cool. -If one decides to change the main valence for a spambomb file, than he MUST revise the entire file and change all line weights according to the new value to avoid those lines crossing the threshold and giving unexpected dangerous results. This alone has kept me from using weights! - The current weighting system is a bit weird (or at least unusual) and somewhat difficult to decide what weight we are going to give to a line because of the two weights systems based on a threshold. One have to think a lot before deciding the weight and the consequences. It would be easier with no threshold switching and just multiplier weights or different typing lines for absolute or multiplying weights. (In short: if the weighting system is difficult to understand, than multiple files would be preferable. Writing the weighted lines in a subtle different way for multiplying or absolute weight would be welcome). Additional info: - BlackRe - Regular Expression to Identify Spam Strictly** (blackRe) should work and BLOCK mails by itself including whitelisted ones, but it still lets emails with whiza_dot_net andother URIBL pass. Thanks, Hilário Fochi Silveira At 14:17 2009-08-24, you wrote: > >Suggestion: Allow the administrator to create new > >bomb files at will with its own title, selection > >of score/block/monitoring, and score value. > >They would appear at the end of "Regex Filters / > >Spambomb" section and buttons would > >ppear/disappear in the exact same way the "Edit > >File" button appear or disappears according to > >the existence or not of the corresponding file: setting. > >We have: > >- bombSenderRe >- bombHeaderRe >- bombSubjectRe >- bombCharSets >- bombRe >- bombDataRe >- bombSuspiciousRe >- blackRe >- scriptRe > >All of them are weightable ! > >I cannot find a reason for any additional bomb definition. > >Thomas > > > > >Hilário Fochi Silveira <assp-t...@soliton.com.br> >24.08.2009 19:01 >Bitte antworten an >ASSP development mailing list <assp-test@lists.sourceforge.net> > > >An >ASSP development mailing list <assp-test@lists.sourceforge.net>, ASSP >development mailing list <assp-test@lists.sourceforge.net> >Kopie > >Thema >[Assp-test] Spambomb problems and suggestions. > > > > > > >Hello, > >I've noticed that some spambomb settings had been eliminated: > * bombError:=550 5.7.1.4 Your email appears to be spam (bombError) ... > * bombErrorReason:=1 > * DoScriptRe:=3 > * scriptRe:=file:rules/bomb_scriptRe.txt > * scriptError:=550 Your email appears to be spam (scriptError) ... >a) >It is unfortunate, because for example, I used t >scriptRe as an additional bomb file setting to >store a different setting of suspicious words >(and thus add points if a particular spam had >words in both suspicious and scriptRe > >Suggestion: Allow the administrator to create new >bomb files at will with its own title, selection >of score/block/monitoring, and score value. >They would appear at the end of "Regex Filters / >Spambomb" section and buttons would >appear/disappear in the exact same way the "Edit >File" button appear or disappears according to >the existence or not of the corresponding file: setting. > >b) >I was using the bomb error report to track if >spambomb was working or not. And it is not perfect yet (see next line). > >c) >ASSP up to Version: 1.5.1.7(0.0.06) continues to >accept e-mails with URIBL like whiza_dot_net that >should be strictly blocked by URIBL as well as BlackRe Strictly. >No 550 logs of either URIBL or Spambomb BlackRe Strick. > >Hope this helps. > >Hilário Fochi Silveira >------------------------------------------------------------------------------ >Let Crystal Reports handle the reporting - Free Crystal Reports 2008 >30-Day >trial. Simplify your report design, integration and deployment - and focus >on >what you do best, core application coding. Discover what's new with >Crystal Reports now. http://p.sf.net/sfu/bobj-july >_______________________________________________ >Assp-test mailing list >Assp-test@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/assp-test > > > > >DISCLAIMER: >******************************************************* >This email and any files transmitted with it may be confidential, legally >privileged and protected in law and are intended solely for the use of the > >individual to whom it is addressed. >This email was multiple times scanned for viruses. There should be no >known virus in this email! >******************************************************* > >------------------------------------------------------------------------------ >Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day >trial. Simplify your report design, integration and deployment - and focus on >what you do best, core application coding. Discover what's new with >Crystal Reports now. http://p.sf.net/sfu/bobj-july >_______________________________________________ >Assp-test mailing list >Assp-test@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
