>What does [!empty!]
>mean here?
[!empty!] meens - that you regex ist testing for an empty string. like
^$
Thomas
Von: "Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'"
<assp-test@lists.sourceforge.net>
Datum: 09.06.2010 10:56
Betreff: [Assp-test] BombBlack hits good mail
Hi all,
since I upgraded from 2.0.2-1.0.06 to 2.0.2-1.1.10 (same issue with
2.0.2-1.1.11) I see lots of log entries like these:
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain no Bomb found in header
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain no Bomb found for 'bombSuspiciousRe'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain no Bomb found for 'bombDataRe', 'bombRe' and
'bombCharSets'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain Regex:BlackRe 'PB 20: for [!empty!]'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain [!empty!] : (l:0) 20 , count : 1 , sum : 20 , time
:
0 s
Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
<sen...@yahoo.de> to: recipi...@my.domain (BombBlack '(l:0) (l:0)
'[!empty!] (20)'')
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain Message-Score: added 20 for BombBlack '(l:0) (l:0)
'[!empty!] (20)'', total score for this message is now 9
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain PB-IP-Score for '87.248.110.138' is 20, added 20
for
BombBlack
Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
<sen...@yahoo.de> to: recipi...@my.domain [spam found] (BombBlack '(l:0)
(l:0) '[!empty!] (20)'') [Alan Wake] -> /opt/assp/discarded/5566.eml;
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
to: recipi...@my.domain [SMTP Error] 554 5.7.1 Delivery not authorized,
message refused -- . (reason: BombBlack '(l:0) (l:0) '[!empty!] (20)'')
The mail is not spam. I cannot see why it is discarded. What does
[!empty!]
mean here? Where does it come from? A bad regex somewhere?
I use the bombre.txt from the cvs.
Thanks for your hints.
Regards
Dirk Kulmsee
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
