Re: Rule updates?

On 11/6/2017 11:29 AM, Merijn van den Kroonenberg wrote: I saw some messages on the list indicating that rule updates were going to resume starting about a week ago.  I haven't heard anything since and still have not seen any updates.  What is the current status? Its a work in progress, there

Re: Rule updates?

> I saw some messages on the list indicating that rule updates were going > to resume starting about a week ago.  I haven't heard anything since and > still have not seen any updates.  What is the current status? Its a work in progress, there was some feedback and some changes which had to be

Re: Rule updates working again

On 06/08/2017 05:46 AM, Reindl Harald wrote: it worked exactly one time Am 06.06.2017 um 17:29 schrieb David Jones: FYI We have the rule build scripts working for updates via sa-update. Default rule scores are also updating thanks to our masscheckers out there.

Re: Rule updates are too old - 2016-06-03

If you join, you might relax a bit on rejecting spam, but saving it for masschecks.Thats what I do... I do reject something, but not everything I could. That's probably not a good idea if it leads to unrepresentative spam. In particular it may lead to botnet related tests being seriously

Re: Rule updates are too old - 2016-06-03

On 3.6.2016 19.21, John Hardin wrote: > On Fri, 3 Jun 2016, RW wrote: > >> On Fri, 03 Jun 2016 17:54:59 +0300 >> Jari Fredriksson wrote: >>> >>> If you join, you might relax a bit on rejecting spam, but saving it >>> for masschecks.Thats what I do... I do reject something, but not >>> everything

Re: Rule updates are too old - 2016-06-03

On Fri, 3 Jun 2016, RW wrote: On Fri, 03 Jun 2016 17:54:59 +0300 Jari Fredriksson wrote: If you join, you might relax a bit on rejecting spam, but saving it for masschecks.Thats what I do... I do reject something, but not everything I could. That's probably not a good idea if it leads to

Re: Rule updates are too old - 2016-06-03

On Fri, 03 Jun 2016 17:54:59 +0300 Jari Fredriksson wrote: > > If you join, you might relax a bit on rejecting spam, but saving it > for masschecks.Thats what I do... I do reject something, but not > everything I could. That's probably not a good idea if it leads to unrepresentative spam. In

Re: Rule updates are too old - 2016-06-03

3. kesäkuuta 2016 16.46.59 GMT+03:00 "Kim Roar Foldøy Hauge" kirjoitti: >On Fri, 3 Jun 2016, John Hardin wrote: > >> On Fri, 3 Jun 2016, dar...@chaosreigns.com wrote: >> >>> 20160602: Spam or ham is below threshold of 150,000: >>>

Re: Rule updates are too old - 2016-06-03

On Fri, 3 Jun 2016, John Hardin wrote: On Fri, 3 Jun 2016, dar...@chaosreigns.com wrote: 20160602: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160602 20160602: Spam: 589792, Ham: 138721 We've been hovering *just* below the ham threshold for a

Re: Rule updates are too old - 2016-06-03

On Fri, 3 Jun 2016, dar...@chaosreigns.com wrote: 20160602: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160602 20160602: Spam: 589792, Ham: 138721 We've been hovering *just* below the ham threshold for a week or so now. Anyone who can contribute

Re: Rule updates are too old - 2016-02-29

Am 29.02.2016 um 17:57 schrieb John Hardin: On Mon, 29 Feb 2016, dar...@chaosreigns.com wrote: 20160228: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160228 20160228: Spam: 108401, Ham: 191807 Masscheck is spam-starved again, rules updates will be

Re: Rule updates are too old - 2016-02-29

On Mon, 29 Feb 2016, dar...@chaosreigns.com wrote: 20160228: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160228 20160228: Spam: 108401, Ham: 191807 Masscheck is spam-starved again, rules updates will be spotty or nonexistent this week. -- John

Re: Rule updates are too old - 2016-01-23

On Sat, 23 Jan 2016, dar...@chaosreigns.com wrote: 20160122: Spam: 156567, Ham: 200399 Looks like we may get an update... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C

Re: Rule updates are too old - 2016-01-21

On 01/21/2016 05:42 PM, John Hardin wrote: On Thu, 21 Jan 2016, dar...@chaosreigns.com wrote: 20160120: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160120 20160120: Spam: 131777, Ham: 142710 Oooo, so close! My spam levels are extremely low so I've

Re: Rule updates are too old - 2016-01-21

On Thu, 21 Jan 2016, dar...@chaosreigns.com wrote: 20160120: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160120 20160120: Spam: 131777, Ham: 142710 Oooo, so close! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/

Re: Rule updates are too old - 2016-01-20

On Wed, 20 Jan 2016, dar...@chaosreigns.com wrote: 20160119: Spam: 123699, Ham: 199560 ...almost there... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507

SARE RULEGEN, Re: Rule updates....

Ran these against my corpus. Here are the worst performers (lots in common with RW's complaints): *SPAM% HAM%S/O NAME* 0.013 0.153 0.080 __RULEGEN_PHISH_BLR6YY 0.006 0.286 0.022 __RULEGEN_PHISH_0ATBRI 0.008 0.334 0.023 __RULEGEN_PHISH_L3I0Z5 0.002 0.300 0.006

Re: SARE RULEGEN, Re: Rule updates....

On 01/09/2015 01:23 AM, Adam Katz wrote: Ran these against my corpus. Here are the worst performers (lots in common with RW's complaints): *SPAM% HAM%S/O NAME* 0.013 0.153 0.080 __RULEGEN_PHISH_BLR6YY 0.006 0.286 0.022 __RULEGEN_PHISH_0ATBRI 0.008 0.334 0.023

Re: Rule updates....

On Sat, 20 Dec 2014 12:35:04 +0100 Axb wrote: On 12/18/2014 06:27 PM, RW wrote: Unless there's a bug, the fact that those disclaimer phrases got through suggests that these rules are either intended to be very much more aggressive than the SOUGHT rules, or the ham corpus isn't good

Re: Rule updates....

On 12/18/2014 06:27 PM, RW wrote: On Tue, 16 Dec 2014 13:10:05 +0100 Axb wrote: https://sourceforge.net/projects/sare/files/ replaces any older version. leech while it lasts adjust scores if needed.. There are some rules that shouldn't be there. (I only tested a few that looked the

Re: Rule updates....

On Tue, 16 Dec 2014 13:10:05 +0100 Axb wrote: https://sourceforge.net/projects/sare/files/ replaces any older version. leech while it lasts adjust scores if needed.. There are some rules that shouldn't be there. (I only tested a few that looked the most dubious) The first is a

Re: Rule updates....

On Thu, 18 Dec 2014, RW wrote: Unless there's a bug, the fact that those disclaimer phrases got through suggests that these rules are either intended to be very much more aggressive than the SOUGHT rules, or the ham corpus isn't good enough. Probably the latter. -- John Hardin KA7OHZ

Re: Rule updates....

On 2014.12.16 07.10, Axb wrote: https://sourceforge.net/projects/sare/files/ thanks for this. it's particularly timely for us, as we've just recently been pretty badly phished. is there a method which can be used to measure/report on the efficacy of these particular rules? -ben

Re: Rule updates....

On 12/17/2014 04:08 PM, btb wrote: On 2014.12.16 07.10, Axb wrote: https://sourceforge.net/projects/sare/files/ thanks for this. it's particularly timely for us, as we've just recently been pretty badly phished. is there a method which can be used to measure/report on the efficacy of these

Re: Rule updates?

On 5/22/2014 9:04 AM, Tom Hendrikx wrote: After checking the results of sa-update and doing some manual dns queries, it seems that last rule updates were done more than a month ago. This used to be an almost daily process, even when there were only score changes due to masschecks. Any specific

Re: Rule updates?

On 05/22/2014 03:36 PM, Kevin A. McGrail wrote: On 5/22/2014 9:04 AM, Tom Hendrikx wrote: After checking the results of sa-update and doing some manual dns queries, it seems that last rule updates were done more than a month ago. This used to be an almost daily process, even when there were

Re: Rule updates

On Wed, Oct 19, 2011 at 13:51, John Hardin jhar...@impsec.org wrote: On Wed, 19 Oct 2011, dar...@chaosreigns.com wrote: On 10/19, Jim Popovitch wrote: Is the missing entity one person, several people, many people?  Was there an untimely death?   I believe everyone is now aware that there

Re: Rule updates

On Sun, 30 Oct 2011, Jim Popovitch wrote: I just got a new update. THANKS Now, what can I do to contribute to providing updates? Start generating hand-classified spam and ham corpora, set up SVN to keep a local up-to-date snapshot of SA and the rules sandboxes, then start running

Re: Rule updates

On 10/5/2011 5:46 PM, Jim Popovitch wrote: On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. So, how do we get it top-up'ed? Anyone know if the 'usual reason'

Re: Rule updates

On 10/05, Jim Popovitch wrote: On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. I think it's more accurate to say the usual reason is that too many people have

Re: Rule updates

On Wed, Oct 19, 2011 at 12:26, dar...@chaosreigns.com wrote: On 10/05, Jim Popovitch wrote: On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. I think it's more

Re: Rule updates

On 10/19, Jim Popovitch wrote: Is the missing entity one person, several people, many people? Was there an untimely death? I believe everyone is now aware that there exists a problem, how to we bridge the gap? My guess is that the only person familiar with the system is the original author

Re: Rule updates

On Wed, 19 Oct 2011, dar...@chaosreigns.com wrote: On 10/19, Jim Popovitch wrote: Is the missing entity one person, several people, many people? Was there an untimely death? I believe everyone is now aware that there exists a problem, how to we bridge the gap? My guess is that the only

Re: Rule updates

On 04-10-2011 15:39, Michael Scheidell wrote: what is 'long'? As you can see from your own example, rules were updated daily until august 26th. Then there hasn't been any updates since. That is 'long' for me. I can also see that updates are daily for 3.4.0 currently. Does that mean that

Re: Rule updates

On 04-10-2011 15:43, Jim Popovitch wrote: what is 'long'? Since 27-Aug-2011 ? So, not just me then. -- Lars

Re: Rule updates

On Wed, 05 Oct 2011 09:50:08 +0200 Lars Jørgensen wrote: On 04-10-2011 15:39, Michael Scheidell wrote: what is 'long'? As you can see from your own example, rules were updated daily until august 26th. Then there hasn't been any updates since. That is 'long' for me. I can also see

Re: Rule updates

On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. So, how do we get it top-up'ed? -Jim P.

Re: Rule updates

On 10/4/11 3:07 AM, Lars Jørgensen wrote: Hi, Is it me or has it been a long time since there has been an update to the spamassassin ruleset? what is 'long'? ls -lt *.tar.gz | grep 'gz$' | head -rw-r--r-- 1 rsync rsync 170211 Oct 4 04:51 1178724.tar.gz -- 3.4.0 -rw-r--r-- 1 rsync

Re: Rule updates

On Tue, Oct 4, 2011 at 09:39, Michael Scheidell michael.scheid...@secnap.com wrote: On 10/4/11 3:07 AM, Lars Jørgensen wrote: Hi, Is it me or has it been a long time since there has been an update to the spamassassin ruleset? what is 'long'? Since 27-Aug-2011 ? $ ll

Re: Rule updates

On 04/10/2011 14:39, Michael Scheidell wrote: On 10/4/11 3:07 AM, Lars Jørgensen wrote: Hi, Is it me or has it been a long time since there has been an update to the spamassassin ruleset? Most common reasons for a problem (IME, on FreeBSD) Incorrect permissions on directory Incorrect

Re: Rule updates

On 6/27/2011 7:03 AM, dar...@chaosreigns.com wrote: On 06/27, Lars Jørgensen wrote: I noticed the rules for 3.3.1 were updated during the weekend (don't worry about my workaholism, I noticed this monday morning ^-^). I was preparing to upgrade to 3.3.2, but seeing the updated rules

Re: Rule updates

The rule updates is handled by themselfs but some require certains versions of spamassassin (see /var/lib/spamassassin) or man sa-update Lars Jørgensen-6 wrote: Hi, I noticed the rules for 3.3.1 were updated during the weekend (don't worry about my workaholism, I noticed this monday

Re: Rule updates

On 06/27, Lars Jørgensen wrote: I noticed the rules for 3.3.1 were updated during the weekend (don't worry about my workaholism, I noticed this monday morning ^-^). I was preparing to upgrade to 3.3.2, but seeing the updated rules makes me doubt whether the upgrade is necessary. I

Re: Rule Updates

Patrick schrieb: I'm a little confused on rule updates. If you are using SA version 3.04 and run sa-update and/or rulesdujour, will the rules be updated only to the 3.0 branch or will they be updated to the most current branch and just fail if there are dependency issues? rulesdujour: You

Re: Rule Updates

On Tue, Oct 31, 2006 at 11:17:56AM -0500, Patrick wrote: I'm a little confused on rule updates. If you are using SA version 3.04 and run sa-update and/or rulesdujour, will the rules be updated only to the 3.0 branch or will they be updated to the most current branch and just fail if there

Re: Rule Updates

Matthias Haegele wrote: Patrick schrieb: I'm a little confused on rule updates. If you are using SA version 3.04 and run sa-update and/or rulesdujour, will the rules be updated only to the 3.0 branch or will they be updated to the most current branch and just fail if there are dependency