Fritz Borgstedt wrote: > There is nothing wrong in the example, it shows the result of the new > additional "scoring regex" for suspicious words. The default of that > is "unsubscribe". "unsubscribe" is also in default redre. It is > described as an addition in the changelog: "-suspicios bomb regular > expression check added (for scoring only)".
Please look at my example below. There is absolutely *nothing* in my scriptRe that would match what is show in the logs. It is only a *redRe* match. As I expressed in a previous email, I am seeing in my logs and in the ASSP headers regex matches that could *only* come from my redRe matching with logging information indicating a scriptRe match - and getting blocked accordingly: What I am seeing are emails that have matched the redRe, and then being handled and post-processed by ASSP as a scriptRe. In the example below, a redRe match somehow got changed into a scriptRe match. There is absolutely nothing in my scriptRe that would match match the same content as the redRe match as shown in this example. When I run the e-mail through the Analyzer, I only get the *redRe* match - as expected based on the message content. ---------- Jul-11-07 11:53:00 Connected: X.X.X.X:38249 -> Y.Y.Y.Y:25 -> Y.Y.Y.Y:26 Jul-11-07 11:53:00 id-41691808 X.X.X.X <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Regex:Red 'Subject: RE: check this' Jul-11-07 11:53:01 [Script] id-41691808 X.X.X.X <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming whitelisted tuplet: (X.X.X.0,senderdomain.tld) age: 1s Jul-11-07 11:53:01 [ScriptRe] id-41691808 X.X.X.X <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] ScriptRe: 'Subject: RE: check this' RE_check_this_out_ Jul-11-07 11:53:01 [ScriptRe] id-41691808 X.X.X.X <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected ---------- ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
