Re: rule for empty text + GIF or PDF ?
At 20:33 13-08-2007, Jo Rhett wrote: In specific, the original question referenced SARE rulesets and thus the obvious assumption was that it was a SARE rule, and I had done the search and hadn't found the rule so I needed to know which SARE ruleset that I wasn't currently downloading provided this. The original question was posted by clsgis. In his answer, Theo Van Dinter mentioned that a rule for PDF has been available via sa-update for weeks. Jo Rhett asked where in reply to that message. Had the person included the information that it was not a SARE ruleset but a normal SA ruleset, then I would have understood. I provided the rule name and description together with a link to the RuleUpdates webpage on the SpamAssassin Wiki as it explains how to locate the rules downloaded by sa-update. The webpage also has an example of how to use sa-update and how to debug if there is a problem doing updates. I assumed that the threaded discussion conveyed the fact that I was referring to a rule available from the updates.spamassassin.org channel. Regards, -sm
Re: rule for empty text + GIF or PDF ?
Kai Schaetzl wrote: Jo Rhett wrote on Sat, 11 Aug 2007 09:31:05 -0700: No, I didn't. I asked where a given rule was. I was given a reference to a page that described how to set up sa-update. You were given the exact name of the rule, that reference to sa-update was an additional courtesy as it is easy to know from reading documentation or this list to know where the rules are stored, anyway. It would have probably answered all your remaining questions if there were any left. If you had cared to read it. If you know the name of the rule you can easily check if it's available for you or not. That was *exactly* what you wanted to know. Quoting yourself: "Where?". Where, as in Where can I find it. Not where can I start at the beginning. Saying that if I opened an encyclopedia I would eventually find the answer is also true but not helpful. In specific, the original question referenced SARE rulesets and thus the obvious assumption was that it was a SARE rule, and I had done the search and hadn't found the rule so I needed to know which SARE ruleset that I wasn't currently downloading provided this. Had the person included the information that it was not a SARE ruleset but a normal SA ruleset, then I would have understood. Anyway, the ruleset simply doesn't work. I've got a dozen good examples of empty PDF messages that the rule doesn't hit. I'll send documentation later tonight after I finish other work. -- Jo Rhett Net Consonance ... net philanthropy, open source and other randomness
Re: rule for empty text + GIF or PDF ?
Gene Heskett wrote on Sat, 11 Aug 2007 23:43:38 -0400: > 1: sa-update is NOT pulling new PDFInfo.pm or pdfinfo.cf files even when they > are available. of course not! > 2: spamassassin --lint -D ignores these rules when we install them by hand. which means you probably haven't installed PDFInfo correctly? > Now is the question sufficiently illuminated? Not at all. This is your first posting in this thread. This thread is about "rule for empty text + GIF or PDF". Your posting is about "how do I install or make use of PDFInfo". So, please go ahead and post a new thread and include all the information that is necessary for others to help you. If you did that already elsewhere, then please keep going there. But please don't hijack threads with completely different topics and pretend it fits. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: rule for empty text + GIF or PDF ?
On Saturday 11 August 2007, Bob Proulx wrote: >Jo Rhett wrote: >> No, I didn't. I asked where a given rule was. I was given a reference >> to a page that described how to set up sa-update. > >That page not only described how to set up sa-update it also described >where the files were stored. Also SM included the name of the rule >that was expected to catch pdf spam. Those two things were the two >key pieces of information that answered the question. > >> This is exactly identical to giving someone a reference to "how to >> program in c" when they've asked a very specific question about a >> function. Perhaps it wasn't intended as an insult, but as an answer its >> utterly worthless. > >Many people believe that because email is ephemeral (aka the net has >no memory) that it is much better to place answers in documentation >pages such as on the web rather than to place answers in email. >Otherwise the same answers will need to be posted again and again and >any incorrect answers will remain in the archives forever possibly >misleading those that look them up later. Also most people consider >having documentation available to be superior to having an email >archive of questions and answers. > >A common trend these days is to document an answer on a web page and >simply refer to the web page when answering questions. This way >incorrect answers can be corrected on the web page when in the future >other people look up the same information. The answer you were given >was following that best practice. > >On the documentation page you were pointed to you must have missed >this section which answers your question. > > Installed Updates > > When updates are downloaded, they are put into a directory under the > local state dir (default /var/lib/spamassassin/) > similar to: > > /var/lib/spamassassin > `-- 3.001004 > > |-- updates_spamassassin_org > > `-- updates_spamassassin_org.cf > > The files from the update go into updates_spamassassin_org, and the > *.cf files are then included by updates_spamassassin_org.cf, which > also keeps track of what update version is installed. Therefore, if it > is desired to change the update directory, the .cf and the update > directory will exist there. > >There is the answer to your question. The files are stored in >/var/lib/spamassassin under a versioned directory under the >subdirectory there. > >SM wrote: >> TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint > >That is the key piece of information. Using 'grep' to find which file >contains that rule is now trivial. On my Debian Stable Etch system >running the backports spamassassin with sa-update (justifying the >older version number) shows: > > grep -l -r TVD_PDF_FINGER01 /var/lib/spamassassin > /var/lib/spamassassin/3.001007/updates_spamassassin_org/80_additional.cf > >> FYI I have seen several other threads with people complaining that >> sa-update is not providing the PDF updates, so this is apparently a >> common problem. > >The sa-update rules catch most of the pdf spam here but I do see a few >pdf spams slip through the rules because they are not perfect. Rarely >are spam rules 100% perfect and seeing some corner cases slip through >is not unusual. It is a process of continual improvement. > >Bob We're missing the point here Bob, so let me repeat myself, or re-word it: 1: sa-update is NOT pulling new PDFInfo.pm or pdfinfo.cf files even when they are available. 2: spamassassin --lint -D ignores these rules when we install them by hand. Ergo, we are pretty well convinced its not working. Grepping our logs for mentions gets me this, and that log is for the last week: [EMAIL PROTECTED] ~]# grep PDFInfo /var/log/maillog Aug 8 11:02:34 coyote spamd[557]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/PDFInfo.pm line 329. The only error all week, and spamassassin --lint -D didn't report it. It looks like a typu to me but then I'm a perl dummy. Or maybe just a dummy. Now is the question sufficiently illuminated? Thanks for any clues thrown our way, we seem to not have any. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Make a wish, it might come true.
Re: rule for empty text + GIF or PDF ?
Jo Rhett wrote on Sat, 11 Aug 2007 09:31:05 -0700: > No, I didn't. I asked where a given rule was. I was given a reference > to a page that described how to set up sa-update. You were given the exact name of the rule, that reference to sa-update was an additional courtesy as it is easy to know from reading documentation or this list to know where the rules are stored, anyway. It would have probably answered all your remaining questions if there were any left. If you had cared to read it. If you know the name of the rule you can easily check if it's available for you or not. That was *exactly* what you wanted to know. Quoting yourself: "Where?". > Perhaps it wasn't intended as an insult Are you talking about your own response? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: rule for empty text + GIF or PDF ?
Jo Rhett wrote: > No, I didn't. I asked where a given rule was. I was given a reference > to a page that described how to set up sa-update. That page not only described how to set up sa-update it also described where the files were stored. Also SM included the name of the rule that was expected to catch pdf spam. Those two things were the two key pieces of information that answered the question. > This is exactly identical to giving someone a reference to "how to > program in c" when they've asked a very specific question about a > function. Perhaps it wasn't intended as an insult, but as an answer its > utterly worthless. Many people believe that because email is ephemeral (aka the net has no memory) that it is much better to place answers in documentation pages such as on the web rather than to place answers in email. Otherwise the same answers will need to be posted again and again and any incorrect answers will remain in the archives forever possibly misleading those that look them up later. Also most people consider having documentation available to be superior to having an email archive of questions and answers. A common trend these days is to document an answer on a web page and simply refer to the web page when answering questions. This way incorrect answers can be corrected on the web page when in the future other people look up the same information. The answer you were given was following that best practice. On the documentation page you were pointed to you must have missed this section which answers your question. Installed Updates When updates are downloaded, they are put into a directory under the local state dir (default /var/lib/spamassassin/) similar to: /var/lib/spamassassin `-- 3.001004 |-- updates_spamassassin_org `-- updates_spamassassin_org.cf The files from the update go into updates_spamassassin_org, and the *.cf files are then included by updates_spamassassin_org.cf, which also keeps track of what update version is installed. Therefore, if it is desired to change the update directory, the .cf and the update directory will exist there. There is the answer to your question. The files are stored in /var/lib/spamassassin under a versioned directory under the subdirectory there. SM wrote: > TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint That is the key piece of information. Using 'grep' to find which file contains that rule is now trivial. On my Debian Stable Etch system running the backports spamassassin with sa-update (justifying the older version number) shows: grep -l -r TVD_PDF_FINGER01 /var/lib/spamassassin /var/lib/spamassassin/3.001007/updates_spamassassin_org/80_additional.cf > FYI I have seen several other threads with people complaining that > sa-update is not providing the PDF updates, so this is apparently a > common problem. The sa-update rules catch most of the pdf spam here but I do see a few pdf spams slip through the rules because they are not perfect. Rarely are spam rules 100% perfect and seeing some corner cases slip through is not unusual. It is a process of continual improvement. Bob
Re: rule for empty text + GIF or PDF ?
Kai Schaetzl wrote: Jo Rhett wrote on Fri, 10 Aug 2007 20:30:37 -0700: Thank you for the very useless reference to sa-update. Please, don't do this! You got a nice answer that exactly answered your question. No, I didn't. I asked where a given rule was. I was given a reference to a page that described how to set up sa-update. This is exactly identical to giving someone a reference to "how to program in c" when they've asked a very specific question about a function. Perhaps it wasn't intended as an insult, but as an answer its utterly worthless. FYI I have seen several other threads with people complaining that sa-update is not providing the PDF updates, so this is apparently a common problem. -- Jo Rhett Net Consonance ... net philanthropy, open source and other randomness
Re: rule for empty text + GIF or PDF ?
Jo Rhett wrote on Fri, 10 Aug 2007 20:30:37 -0700: > Thank you for the very useless reference to sa-update. Please, don't do this! You got a nice answer that exactly answered your question. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: rule for empty text + GIF or PDF ?
SM wrote: At 19:39 10-08-2007, Jo Rhett wrote: Where? I'm using sa-update and almost all of the sare rulesets, and I'm getting a metric ton of these. Searching rulesemporium for "empty" or "pdf" gets nothing. TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint http://wiki.apache.org/spamassassin/RuleUpdates Thank you for the very useless reference to sa-update. As my original e-mail said, I'm running sa-update (and it works) and I'm also using sa-update to get about 40 SARE channels, and those work. I don't see any sare channels that deal with PDF empty text spam. -- Jo Rhett Net Consonance ... net philanthropy, open source and other randomness
Re: rule for empty text + GIF or PDF ?
At 19:39 10-08-2007, Jo Rhett wrote: Where? I'm using sa-update and almost all of the sare rulesets, and I'm getting a metric ton of these. Searching rulesemporium for "empty" or "pdf" gets nothing. TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint http://wiki.apache.org/spamassassin/RuleUpdates Regards, -sm
Re: rule for empty text + GIF or PDF ?
Theo Van Dinter wrote: Sure, one for PDF has been available via sa-update for weeks. Where? I'm using sa-update and almost all of the sare rulesets, and I'm getting a metric ton of these. Searching rulesemporium for "empty" or "pdf" gets nothing. -- Jo Rhett Net Consonance ... net philanthropy, open source and other randomness
Re: rule for empty text + GIF or PDF ?
On Wed, Aug 08, 2007 at 01:19:47PM -0700, clsgis wrote: > I want to give those a really high score. False positives when there is no > text in > the message are acceptable. Hoping someone has a rule to do it. Sure, one for PDF has been available via sa-update for weeks. -- Randomly Selected Tagline: "Marriage is like pi - natural, irrational, and very important." - Lisa Hoffman pgphbolN6AkxN.pgp Description: PGP signature