spamasssassin possible extended to support yara just like clamav 0.99 now do ?

2015-12-18 Thread Benny Pedersen
i think clamav is a very good virus scanner, but see more and more fokus on clamav begins to make spamscanning and reject of valid mails for maillists, i think its more time to think about it again ? same fault maked in amavisd-new :(

Re: spamasssassin possible extended to support yara just like clamav 0.99 now do ?

2015-12-18 Thread Axb
On 12/18/2015 10:58 AM, Benny Pedersen wrote: i think clamav is a very good virus scanner, but see more and more fokus on clamav begins to make spamscanning and reject of valid mails for maillists, i think its more time to think about it again ? same fault maked in amavisd-new :( Some third

redirector_pattern question

2015-12-18 Thread Paul Stead
After the messages last night I've been looking into the redirector_pattern config option - I'm seeing weird results... Given the redirector_pattern of: redirector_pattern m'https?://www.google.com/url?q=([^&]+).*'i I've noticed that spamassassin can sometimes miss - I don't think it's to do

Re: Google redirects

2015-12-18 Thread Axb
On 12/18/2015 04:17 PM, Mark Martinec wrote: On 2015-12-17 22:41, Axb wrote: could you make a version using redirector_pattern so the redirected target can be looked up via URIBL plugin? Isn't this already the case? Redirect targets are added to a list of URIs and are subject to same rules as

Re: Google redirects

2015-12-18 Thread Mark Martinec
On 2015-12-18 16:29, Axb wrote: On 12/18/2015 04:17 PM, Mark Martinec wrote: On 2015-12-17 22:41, Axb wrote: could you make a version using redirector_pattern so the redirected target can be looked up via URIBL plugin? Isn't this already the case? Redirect targets are added to a list of URIs

Re: Google redirects

2015-12-18 Thread Mark Martinec
On 2015-12-17 22:41, Axb wrote: could you make a version using redirector_pattern so the redirected target can be looked up via URIBL plugin? Isn't this already the case? Redirect targets are added to a list of URIs and are subject to same rules as directly collected URIs. Mark

Re: redirector_pattern question

2015-12-18 Thread Mark Martinec
On 2015-12-18 11:19, Paul Stead wrote: After the messages last night I've been looking into the redirector_pattern config option - I'm seeing weird results... Given the redirector_pattern of: redirector_pattern m'https?://www.google.com/url?q=([^&]+).*'i I've noticed that spamassassin can

Re: Google redirects

2015-12-18 Thread John Hardin
On Fri, 18 Dec 2015, Mark Martinec wrote: On 2015-12-18 16:29, Axb wrote: On 12/18/2015 04:17 PM, Mark Martinec wrote: > On 2015-12-17 22:41, Axb wrote: > > could you make a version using redirector_pattern so the redirected > > target can be looked up via URIBL plugin? > > Isn't this

Re: Google redirects

2015-12-18 Thread Joe Quinn
On 12/18/2015 11:32 AM, John Hardin wrote: On Fri, 18 Dec 2015, Mark Martinec wrote: On 2015-12-18 16:29, Axb wrote: On 12/18/2015 04:17 PM, Mark Martinec wrote: > On 2015-12-17 22:41, Axb wrote: > > could you make a version using redirector_pattern so the redirected > > target can be

Re: Google redirects

2015-12-18 Thread John Hardin
suspicious. It's already there as a subrule for masscheck eval and use in metas: http://ruleqa.spamassassin.org/20151218-r1720729-n/__GOOG_REDIR/detail SPAM% HAM%S/O 0.3357 0.0288 0.921 ~12% of spam hits are at <5 points. It's meta'd for score in a couple of rules: http://rul

Re: Google redirects

2015-12-18 Thread John Hardin
On Fri, 18 Dec 2015, Axb wrote: On 12/18/2015 04:17 PM, Mark Martinec wrote: On 2015-12-17 22:41, Axb wrote: > could you make a version using redirector_pattern so the redirected > target can be looked up via URIBL plugin? Isn't this already the case? Redirect targets are added to a list

Re: Google redirects

2015-12-18 Thread John Hardin
ommiting s? now And this in my sandbox, with a different pattern: uri __GOOG_MALWARE_DNLD m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i I will broaden that a bit. could you make a version using redirector_pattern so the redirected target can be looked up via URIBL plugin?

Re: Google redirects

2015-12-18 Thread Alex
Hi, >>> I suggested converting the rawbody rule John was working on into a >>> redirector_pattern >> >> >> Note that the following rule as posted by John: >> >> uri __GOOG_MALWARE_DNLD >> m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i >> >> would not currently work as a

Re: redirector_pattern question

2015-12-18 Thread Paul Stead
On 18/12/15 14:23, Mark Martinec wrote:. The parameter of redirector_pattern is a regular expression, dots and a question mark have a special meaning in a regexp. Oops I had escaped characters and anchors, in my numerous iterations testing I guess they got lost ... and please open a bug

Re: Customized header (add_header) doesn't work

2015-12-18 Thread listsb-spamassassin
On Dec 17, 2015, at 13.16, Alfredo Saldanha wrote: > > My second SA is a Zimbra server. > I use Zimbra SA only to drop the message in junk folder. > I don't want to clean at the Zimbra server, it is default behavior. for what it's worth, if you were to use amavis

Re: Google redirects

2015-12-18 Thread John Hardin
On Fri, 18 Dec 2015, Alex wrote: I suggested converting the rawbody rule John was working on into a redirector_pattern Note that the following rule as posted by John: uri __GOOG_MALWARE_DNLD m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i would not currently work as a