Re: 72_scores.cf compared to the one from march 15
On 11/15/2017 4:43 PM, Dave Jones wrote: I got my SVN authentication issue figured out on my laptop and committed these. Fingers crossed for the run in about 5 hours. Excellent. Sorry, today was an ASF board meeting so hectic!
Re: 72_scores.cf compared to the one from march 15
On 11/15/2017 07:10 AM, Dave Jones wrote: On 11/15/2017 06:40 AM, Kevin A. McGrail wrote: On 11/15/2017 6:33 AM, Merijn van den Kroonenberg wrote: That, or maybe Kevin can step in for now and do the commit for you? Good to know you are on the road and thanks for still trying to help! Happy to try and help! Regards, KAM On the sa-vm1 server, I need to get these two files committed: /usr/local/spamassassin/automc/svn/trunk/masses/rule-update-score-gen$ svn status M generate-new-scores.sh M lock-scores I would normally copy these to /tmp then scp them down to my local desktop/laptop check out location to commit them. The generate-new-scores.sh has the SVN $REVISION determined from the majority masscheck submissions and we think the lock-scores is the one that was running on the old server back in March but wasn't committed to the main dir like it should have been. Dave I got my SVN authentication issue figured out on my laptop and committed these. Fingers crossed for the run in about 5 hours. Dave
Re: 72_scores.cf compared to the one from march 15
On 11/15/2017 06:40 AM, Kevin A. McGrail wrote: On 11/15/2017 6:33 AM, Merijn van den Kroonenberg wrote: That, or maybe Kevin can step in for now and do the commit for you? Good to know you are on the road and thanks for still trying to help! Happy to try and help! Regards, KAM On the sa-vm1 server, I need to get these two files committed: /usr/local/spamassassin/automc/svn/trunk/masses/rule-update-score-gen$ svn status M generate-new-scores.sh M lock-scores I would normally copy these to /tmp then scp them down to my local desktop/laptop check out location to commit them. The generate-new-scores.sh has the SVN $REVISION determined from the majority masscheck submissions and we think the lock-scores is the one that was running on the old server back in March but wasn't committed to the main dir like it should have been. Dave
Re: comparing 72_scores.cf files
Nice script. Very useful. Now it would be good to extend it to check the rules still exist. For example, I wrote a quick bash on-liner to find the rules no longer exist in the main SA rules so we shouldn't expect these 6 to be in the new 72_scores.cf: AXB_XMAILER_MIMEOLE_OL_1ECD5 AXB_XM_FORGED_OL2600 FSL_HELO_BARE_IP_2 HK_SCAM_N15 MONEY_LOTTERY MSGID_NOFQDN1 Next it would be interesting to see if these rest of the "only in 1 (removed in 2)" are in other current rule files and if they have an uncommented score. Ones without a score or a commented score will get the default score of 1.0. Otherwise, we may not be too far off once we can get the lock-scores commited today. Dave On 11/15/2017 06:27 AM, Merijn van den Kroonenberg wrote: I wanted to compare the 72_scores.cf file against the one from yesterday and the one from march. However the svn diff is not very readable and its very hard to see which rules were added or removed. I also wanted to compare the ranges.data file which also contains rules and score ranges. I patched together a small script for comparing score files. See attchement for the (perl) script. It produces output like this (comparing march against last night): ./compare-rulefiles 72_scores_20170315.cf 72_scores-1815282.cf Only in 1 (removed in 2) AC_HTML_NONSENSE_TAGS AC_SPAMMY_URI_PATTERNS1 AC_SPAMMY_URI_PATTERNS10 AC_SPAMMY_URI_PATTERNS11 AC_SPAMMY_URI_PATTERNS12 AC_SPAMMY_URI_PATTERNS2 AC_SPAMMY_URI_PATTERNS3 AC_SPAMMY_URI_PATTERNS4 AC_SPAMMY_URI_PATTERNS8 AC_SPAMMY_URI_PATTERNS9 ADVANCE_FEE_2_NEW_FORM ADVANCE_FEE_4_NEW ADVANCE_FEE_5_NEW AXB_XMAILER_MIMEOLE_OL_1ECD5 AXB_XM_FORGED_OL2600 BODY_EMPTY CANT_SEE_AD CN_B2B_SPAMMER COMMENT_GIBBERISH ENCRYPTED_MESSAGE FBI_MONEY FBI_SPOOF FORM_LOW_CONTRAST FOUND_YOU FREEMAIL_DOC_PDF_BCC FROM_WORDY_SHORT FSL_HELO_BARE_IP_2 GOOGLE_DOCS_PHISH GOOGLE_DOCS_PHISH_MANY GOOG_MALWARE_DNLD HDRS_LCASE HEXHASH_WORD HK_SCAM_N15 HTML_OFF_PAGE LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LOTTO_AGENT LOTTO_DEPT LUCRATIVE MONEY_LOTTERY MSGID_NOFQDN1 MSM_PRIO_REPTO PHP_NOVER_MUA PHP_ORIG_SCRIPT PHP_SCRIPT_MUA PP_TOO_MUCH_UNICODE02 PP_TOO_MUCH_UNICODE05 PUMPDUMP PUMPDUMP_MULTI RAND_HEADER_MANY RP_MATCHES_RCVD SHARE_50_50 SPOOFED_FREEM_REPTO_CHN STOCK_LOW_CONTRAST STOCK_TIP SYSADMIN TO_NO_BRKTS_FROM_MSSP TW_GIBBERISH_MANY UC_GIBBERISH_OBFU URI_DATA URI_GOOGLE_PROXY URI_OPTOUT_3LD URI_PHISH XPRIO_SHORT_SUBJ Only in 2 (added in 2) ADVANCE_FEE_4_NEW_MONEY ADVANCE_FEE_5_NEW_FRM_MNY ADVANCE_FEE_5_NEW_MONEY APOSTROPHE_TOCC AXB_X_AOL_SEZ_S DEAR_BENEFICIARY FROM_MISSP_DYNIP FROM_MISSP_EH_MATCH FSL_HELO_FAKE FSL_MIME_NO_TEXT FUZZY_UNSUBSCRIBE HDRS_MISSP MANY_PILL_PRICE MILLION_USD MONEY_ATM_CARD MONEY_FORM_SHORT MONEY_FROM_41 SERGIO_SUBJECT_VIAGRA01 SHORTENED_URL_SRC SINGLETS_LOW_CONTRAST TO_NO_BRKTS_DYNIP Changed AC_BR_BONANZA 0.001 0.001 0.001 0.001 0.001 0.967 0.001 0.967 AC_DIV_BONANZA 0.001 0.001 0.001 0.001 0.909 0.001 0.909 0.001 ADVANCE_FEE_2_NEW_MONEY 1.997 0.001 1.997 0.001 0.001 0.039 0.001 0.039 ADVANCE_FEE_3_NEW 3.496 0.001 3.496 0.001 2.099 1.697 2.099 1.697 ADVANCE_FEE_3_NEW_MONEY 2.796 0.001 2.796 0.001 3.100 2.696 3.100 2.696 AXB_XMAILER_MIMEOLE_OL_024C2 0.367 0.001 0.367 0.001 0.001 2.822 0.001 2.822 BODY_URI_ONLY 0.998 0.001 0.998 0.001 3.500 3.595 3.500 3.595 BOGUS_MSM_HDRS 0.909 0.001 0.909 0.001 1.912 0.677 1.912 0.677 CK_HELO_DYNAMIC_SPLIT_IP 1.350 0.001 1.350 0.001 1.500 0.001 1.500 0.001 CK_HELO_GENERIC 0.249 0.249 0.249 0.249 2.195 1.350 2.195 1.350 DATE_IN_FUTURE_96_Q 3.296 3.299 3.296 3.299 2.999 2.696 2.999 2.696 FILL_THIS_FORM 2.748 0.001 2.748 0.001 0.200 1.402 0.200 1.402 FORM_FRAUD 0.998 0.001 0.998 0.001 3.099 1.841 3.099 1.841 FORM_FRAUD_3 2.696 0.001 2.696 0.001 2.899 0.383 2.899 0.383 FORM_FRAUD_5 0.209 0.001 0.209 0.001 1.531 1.802 1.531 1.802 FREEMAIL_FORGED_FROMDOMAIN 0.001 0.199 0.001 0.199 0.001 0.001 0.001 0.001 FROM_IN_TO_AND_SUBJ 0.287 0.262 0.287 0.262 1.001 0.001 1.001 0.001 FROM_MISSP_FREEMAIL 3.595 0.001 3.595 0.001 2.965 3.393 2.965 3.393 FROM_MISSP_MSFT 0.001 0.001 0.001 0.001 0.001 3.129 0.001 3.129 FROM_MISSP_REPLYTO 0.001 0.001 0.001 0.001 3.799 0.001 3.799 0.001 FROM_MISSP_SPF_FAIL 0.001 1.000 0.001 1.000 0.001 0.001 0.001 0.001 FROM_MISSP_TO_UNDISC 1.438 0.001 1.438 0.001 1.102 0.275 1.102 0.275 FROM_MISSP_USER 0.001 0.001 0.001 0.001 0.001 1.416 0.001 1.416 FROM_MISSP_XPRIO 0.001 0.001 0.001 0.001 0.001 3.595 0.001 3.595 FROM_WORDY 2.497 0.001 2.497 0.001 3.299 2.511 3.299 2.511 FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001 0.001 0.588 0.001 0.588 FSL_NEW_HELO_USER 0.083 0.001 0.083 0.001 0.001 0.755 0.001 0.755 HELO_MISC_IP 0.248 0.250 0.248 0.250 2.600 1.357 2.600 1.357 HK_RANDOM_FROM 0.998 0.001 0.998 0.001 1.501 2.664 1.501 2.664 HK_SCAM_N2 3.249 0.001 3.249 0.001 3.099 2.696 3.099 2.696 IMG_DIRECT_TO_MX 2.397 2.400
Re: comparing 72_scores.cf files
Very Cool. Is there a Tl;Dr result you came up with or is this more something prepped for when we get to the stage to review? On 11/15/2017 7:27 AM, Merijn van den Kroonenberg wrote: I wanted to compare the 72_scores.cf file against the one from yesterday and the one from march. However the svn diff is not very readable and its very hard to see which rules were added or removed. I also wanted to compare the ranges.data file which also contains rules and score ranges. I patched together a small script for comparing score files. See attchement for the (perl) script. It produces output like this (comparing march against last night): ./compare-rulefiles 72_scores_20170315.cf 72_scores-1815282.cf Only in 1 (removed in 2) AC_HTML_NONSENSE_TAGS AC_SPAMMY_URI_PATTERNS1 AC_SPAMMY_URI_PATTERNS10 AC_SPAMMY_URI_PATTERNS11 AC_SPAMMY_URI_PATTERNS12 AC_SPAMMY_URI_PATTERNS2 AC_SPAMMY_URI_PATTERNS3 AC_SPAMMY_URI_PATTERNS4 AC_SPAMMY_URI_PATTERNS8 AC_SPAMMY_URI_PATTERNS9 ADVANCE_FEE_2_NEW_FORM ADVANCE_FEE_4_NEW ADVANCE_FEE_5_NEW AXB_XMAILER_MIMEOLE_OL_1ECD5 AXB_XM_FORGED_OL2600 BODY_EMPTY CANT_SEE_AD CN_B2B_SPAMMER COMMENT_GIBBERISH ENCRYPTED_MESSAGE FBI_MONEY FBI_SPOOF FORM_LOW_CONTRAST FOUND_YOU FREEMAIL_DOC_PDF_BCC FROM_WORDY_SHORT FSL_HELO_BARE_IP_2 GOOGLE_DOCS_PHISH GOOGLE_DOCS_PHISH_MANY GOOG_MALWARE_DNLD HDRS_LCASE HEXHASH_WORD HK_SCAM_N15 HTML_OFF_PAGE LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LOTTO_AGENT LOTTO_DEPT LUCRATIVE MONEY_LOTTERY MSGID_NOFQDN1 MSM_PRIO_REPTO PHP_NOVER_MUA PHP_ORIG_SCRIPT PHP_SCRIPT_MUA PP_TOO_MUCH_UNICODE02 PP_TOO_MUCH_UNICODE05 PUMPDUMP PUMPDUMP_MULTI RAND_HEADER_MANY RP_MATCHES_RCVD SHARE_50_50 SPOOFED_FREEM_REPTO_CHN STOCK_LOW_CONTRAST STOCK_TIP SYSADMIN TO_NO_BRKTS_FROM_MSSP TW_GIBBERISH_MANY UC_GIBBERISH_OBFU URI_DATA URI_GOOGLE_PROXY URI_OPTOUT_3LD URI_PHISH XPRIO_SHORT_SUBJ Only in 2 (added in 2) ADVANCE_FEE_4_NEW_MONEY ADVANCE_FEE_5_NEW_FRM_MNY ADVANCE_FEE_5_NEW_MONEY APOSTROPHE_TOCC AXB_X_AOL_SEZ_S DEAR_BENEFICIARY FROM_MISSP_DYNIP FROM_MISSP_EH_MATCH FSL_HELO_FAKE FSL_MIME_NO_TEXT FUZZY_UNSUBSCRIBE HDRS_MISSP MANY_PILL_PRICE MILLION_USD MONEY_ATM_CARD MONEY_FORM_SHORT MONEY_FROM_41 SERGIO_SUBJECT_VIAGRA01 SHORTENED_URL_SRC SINGLETS_LOW_CONTRAST TO_NO_BRKTS_DYNIP Changed AC_BR_BONANZA 0.001 0.001 0.001 0.001 0.001 0.967 0.001 0.967 AC_DIV_BONANZA 0.001 0.001 0.001 0.001 0.909 0.001 0.909 0.001 ADVANCE_FEE_2_NEW_MONEY 1.997 0.001 1.997 0.001 0.001 0.039 0.001 0.039 ADVANCE_FEE_3_NEW 3.496 0.001 3.496 0.001 2.099 1.697 2.099 1.697 ADVANCE_FEE_3_NEW_MONEY 2.796 0.001 2.796 0.001 3.100 2.696 3.100 2.696 AXB_XMAILER_MIMEOLE_OL_024C2 0.367 0.001 0.367 0.001 0.001 2.822 0.001 2.822 BODY_URI_ONLY 0.998 0.001 0.998 0.001 3.500 3.595 3.500 3.595 BOGUS_MSM_HDRS 0.909 0.001 0.909 0.001 1.912 0.677 1.912 0.677 CK_HELO_DYNAMIC_SPLIT_IP 1.350 0.001 1.350 0.001 1.500 0.001 1.500 0.001 CK_HELO_GENERIC 0.249 0.249 0.249 0.249 2.195 1.350 2.195 1.350 DATE_IN_FUTURE_96_Q 3.296 3.299 3.296 3.299 2.999 2.696 2.999 2.696 FILL_THIS_FORM 2.748 0.001 2.748 0.001 0.200 1.402 0.200 1.402 FORM_FRAUD 0.998 0.001 0.998 0.001 3.099 1.841 3.099 1.841 FORM_FRAUD_3 2.696 0.001 2.696 0.001 2.899 0.383 2.899 0.383 FORM_FRAUD_5 0.209 0.001 0.209 0.001 1.531 1.802 1.531 1.802 FREEMAIL_FORGED_FROMDOMAIN 0.001 0.199 0.001 0.199 0.001 0.001 0.001 0.001 FROM_IN_TO_AND_SUBJ 0.287 0.262 0.287 0.262 1.001 0.001 1.001 0.001 FROM_MISSP_FREEMAIL 3.595 0.001 3.595 0.001 2.965 3.393 2.965 3.393 FROM_MISSP_MSFT 0.001 0.001 0.001 0.001 0.001 3.129 0.001 3.129 FROM_MISSP_REPLYTO 0.001 0.001 0.001 0.001 3.799 0.001 3.799 0.001 FROM_MISSP_SPF_FAIL 0.001 1.000 0.001 1.000 0.001 0.001 0.001 0.001 FROM_MISSP_TO_UNDISC 1.438 0.001 1.438 0.001 1.102 0.275 1.102 0.275 FROM_MISSP_USER 0.001 0.001 0.001 0.001 0.001 1.416 0.001 1.416 FROM_MISSP_XPRIO 0.001 0.001 0.001 0.001 0.001 3.595 0.001 3.595 FROM_WORDY 2.497 0.001 2.497 0.001 3.299 2.511 3.299 2.511 FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001 0.001 0.588 0.001 0.588 FSL_NEW_HELO_USER 0.083 0.001 0.083 0.001 0.001 0.755 0.001 0.755 HELO_MISC_IP 0.248 0.250 0.248 0.250 2.600 1.357 2.600 1.357 HK_RANDOM_FROM 0.998 0.001 0.998 0.001 1.501 2.664 1.501 2.664 HK_SCAM_N2 3.249 0.001 3.249 0.001 3.099 2.696 3.099 2.696 IMG_DIRECT_TO_MX 2.397 2.400 2.397 2.400 3.599 1.743 3.599 1.743 LONG_HEX_URI 2.194 2.290 2.194 2.290 0.399 0.884 0.399 0.884 LONG_IMG_URI 0.553 0.100 0.553 0.100 0.001 0.001 0.001 0.001 LOTS_OF_MONEY 0.001 0.001 0.001 0.001 0.001 0.006 0.001 0.006 MIMEOLE_DIRECT_TO_MX 1.445 0.381 1.445 0.381 2.399 0.737 2.399 0.737 MIME_NO_TEXT 1.000 1.000 1.000 1.000 3.505 2.941 3.505 2.941 MONEY_FRAUD_3 2.896 0.001 2.896 0.001 3.100 0.243 3.100 0.243 MONEY_FRAUD_5 3.096 0.001 3.096 0.001 3.400 2.896 3.400 2.896 MONEY_FRAUD_8 2.548 0.001 2.548 0.001 0.364 3.199
Re: 72_scores.cf compared to the one from march 15
On 11/15/2017 6:33 AM, Merijn van den Kroonenberg wrote: That, or maybe Kevin can step in for now and do the commit for you? Good to know you are on the road and thanks for still trying to help! Happy to try and help! Regards, KAM
comparing 72_scores.cf files
I wanted to compare the 72_scores.cf file against the one from yesterday and the one from march. However the svn diff is not very readable and its very hard to see which rules were added or removed. I also wanted to compare the ranges.data file which also contains rules and score ranges. I patched together a small script for comparing score files. See attchement for the (perl) script. It produces output like this (comparing march against last night): ./compare-rulefiles 72_scores_20170315.cf 72_scores-1815282.cf Only in 1 (removed in 2) AC_HTML_NONSENSE_TAGS AC_SPAMMY_URI_PATTERNS1 AC_SPAMMY_URI_PATTERNS10 AC_SPAMMY_URI_PATTERNS11 AC_SPAMMY_URI_PATTERNS12 AC_SPAMMY_URI_PATTERNS2 AC_SPAMMY_URI_PATTERNS3 AC_SPAMMY_URI_PATTERNS4 AC_SPAMMY_URI_PATTERNS8 AC_SPAMMY_URI_PATTERNS9 ADVANCE_FEE_2_NEW_FORM ADVANCE_FEE_4_NEW ADVANCE_FEE_5_NEW AXB_XMAILER_MIMEOLE_OL_1ECD5 AXB_XM_FORGED_OL2600 BODY_EMPTY CANT_SEE_AD CN_B2B_SPAMMER COMMENT_GIBBERISH ENCRYPTED_MESSAGE FBI_MONEY FBI_SPOOF FORM_LOW_CONTRAST FOUND_YOU FREEMAIL_DOC_PDF_BCC FROM_WORDY_SHORT FSL_HELO_BARE_IP_2 GOOGLE_DOCS_PHISH GOOGLE_DOCS_PHISH_MANY GOOG_MALWARE_DNLD HDRS_LCASE HEXHASH_WORD HK_SCAM_N15 HTML_OFF_PAGE LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LOTTO_AGENT LOTTO_DEPT LUCRATIVE MONEY_LOTTERY MSGID_NOFQDN1 MSM_PRIO_REPTO PHP_NOVER_MUA PHP_ORIG_SCRIPT PHP_SCRIPT_MUA PP_TOO_MUCH_UNICODE02 PP_TOO_MUCH_UNICODE05 PUMPDUMP PUMPDUMP_MULTI RAND_HEADER_MANY RP_MATCHES_RCVD SHARE_50_50 SPOOFED_FREEM_REPTO_CHN STOCK_LOW_CONTRAST STOCK_TIP SYSADMIN TO_NO_BRKTS_FROM_MSSP TW_GIBBERISH_MANY UC_GIBBERISH_OBFU URI_DATA URI_GOOGLE_PROXY URI_OPTOUT_3LD URI_PHISH XPRIO_SHORT_SUBJ Only in 2 (added in 2) ADVANCE_FEE_4_NEW_MONEY ADVANCE_FEE_5_NEW_FRM_MNY ADVANCE_FEE_5_NEW_MONEY APOSTROPHE_TOCC AXB_X_AOL_SEZ_S DEAR_BENEFICIARY FROM_MISSP_DYNIP FROM_MISSP_EH_MATCH FSL_HELO_FAKE FSL_MIME_NO_TEXT FUZZY_UNSUBSCRIBE HDRS_MISSP MANY_PILL_PRICE MILLION_USD MONEY_ATM_CARD MONEY_FORM_SHORT MONEY_FROM_41 SERGIO_SUBJECT_VIAGRA01 SHORTENED_URL_SRC SINGLETS_LOW_CONTRAST TO_NO_BRKTS_DYNIP Changed AC_BR_BONANZA 0.001 0.001 0.001 0.001 0.001 0.967 0.001 0.967 AC_DIV_BONANZA 0.001 0.001 0.001 0.001 0.909 0.001 0.909 0.001 ADVANCE_FEE_2_NEW_MONEY 1.997 0.001 1.997 0.001 0.001 0.039 0.001 0.039 ADVANCE_FEE_3_NEW 3.496 0.001 3.496 0.001 2.099 1.697 2.099 1.697 ADVANCE_FEE_3_NEW_MONEY 2.796 0.001 2.796 0.001 3.100 2.696 3.100 2.696 AXB_XMAILER_MIMEOLE_OL_024C2 0.367 0.001 0.367 0.001 0.001 2.822 0.001 2.822 BODY_URI_ONLY 0.998 0.001 0.998 0.001 3.500 3.595 3.500 3.595 BOGUS_MSM_HDRS 0.909 0.001 0.909 0.001 1.912 0.677 1.912 0.677 CK_HELO_DYNAMIC_SPLIT_IP 1.350 0.001 1.350 0.001 1.500 0.001 1.500 0.001 CK_HELO_GENERIC 0.249 0.249 0.249 0.249 2.195 1.350 2.195 1.350 DATE_IN_FUTURE_96_Q 3.296 3.299 3.296 3.299 2.999 2.696 2.999 2.696 FILL_THIS_FORM 2.748 0.001 2.748 0.001 0.200 1.402 0.200 1.402 FORM_FRAUD 0.998 0.001 0.998 0.001 3.099 1.841 3.099 1.841 FORM_FRAUD_3 2.696 0.001 2.696 0.001 2.899 0.383 2.899 0.383 FORM_FRAUD_5 0.209 0.001 0.209 0.001 1.531 1.802 1.531 1.802 FREEMAIL_FORGED_FROMDOMAIN 0.001 0.199 0.001 0.199 0.001 0.001 0.001 0.001 FROM_IN_TO_AND_SUBJ 0.287 0.262 0.287 0.262 1.001 0.001 1.001 0.001 FROM_MISSP_FREEMAIL 3.595 0.001 3.595 0.001 2.965 3.393 2.965 3.393 FROM_MISSP_MSFT 0.001 0.001 0.001 0.001 0.001 3.129 0.001 3.129 FROM_MISSP_REPLYTO 0.001 0.001 0.001 0.001 3.799 0.001 3.799 0.001 FROM_MISSP_SPF_FAIL 0.001 1.000 0.001 1.000 0.001 0.001 0.001 0.001 FROM_MISSP_TO_UNDISC 1.438 0.001 1.438 0.001 1.102 0.275 1.102 0.275 FROM_MISSP_USER 0.001 0.001 0.001 0.001 0.001 1.416 0.001 1.416 FROM_MISSP_XPRIO 0.001 0.001 0.001 0.001 0.001 3.595 0.001 3.595 FROM_WORDY 2.497 0.001 2.497 0.001 3.299 2.511 3.299 2.511 FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001 0.001 0.588 0.001 0.588 FSL_NEW_HELO_USER 0.083 0.001 0.083 0.001 0.001 0.755 0.001 0.755 HELO_MISC_IP 0.248 0.250 0.248 0.250 2.600 1.357 2.600 1.357 HK_RANDOM_FROM 0.998 0.001 0.998 0.001 1.501 2.664 1.501 2.664 HK_SCAM_N2 3.249 0.001 3.249 0.001 3.099 2.696 3.099 2.696 IMG_DIRECT_TO_MX 2.397 2.400 2.397 2.400 3.599 1.743 3.599 1.743 LONG_HEX_URI 2.194 2.290 2.194 2.290 0.399 0.884 0.399 0.884 LONG_IMG_URI 0.553 0.100 0.553 0.100 0.001 0.001 0.001 0.001 LOTS_OF_MONEY 0.001 0.001 0.001 0.001 0.001 0.006 0.001 0.006 MIMEOLE_DIRECT_TO_MX 1.445 0.381 1.445 0.381 2.399 0.737 2.399 0.737 MIME_NO_TEXT 1.000 1.000 1.000 1.000 3.505 2.941 3.505 2.941 MONEY_FRAUD_3 2.896 0.001 2.896 0.001 3.100 0.243 3.100 0.243 MONEY_FRAUD_5 3.096 0.001 3.096 0.001 3.400 2.896 3.400 2.896 MONEY_FRAUD_8 2.548 0.001 2.548 0.001 0.364 3.199 0.364 3.199 NSL_RCVD_FROM_USER 0.548 0.001 0.548 0.001 0.001 0.159 0.001 0.159 NSL_RCVD_HELO_USER 1.273 0.001 1.273 0.001 2.599 0.970 2.599 0.970 PP_MIME_FAKE_ASCII_TEXT 0.429 0.001 0.429 0.001 0.899 0.001 0.899 0.001 RCVD_IN_MSPIKE_H2 0.001 -2.800
Re: 72_scores.cf compared to the one from march 15
> On 11/15/2017 05:22 AM, Merijn van den Kroonenberg wrote: >>> I updated the masses/rule-update-score-gen/lock-scores file from >>> rulesrc/sandbox/dos/new-rule-score-gen/lock-scores on the >>> sa-vm1.apache.org server so fingers crossed on the 72_scores.cf here in >>> about 5 hours. >> This script is always freshly checked out, so uncommitted changes can >> never be tested. If you check automc/tmp you will see still the old >> version of the script. I must admit, I fell for it too, only found out >> after actually checking the temp dir to check the script after I >> wondered >> why there was no change in ranges.data. >> >>> Dave >>> >>> >> > Darn. I am having problems with my SVN ID right now so I was hoping I > didn't have to commit these changes to test them on the server. I am > travelling with my laptop that doesn't have something setup quite right > so I will have to figure out the SVN authentication setup since I won't > be back at my primary desktop PC for about 10 days. That, or maybe Kevin can step in for now and do the commit for you? Good to know you are on the road and thanks for still trying to help! > > Dave > >
Re: 72_scores.cf compared to the one from march 15
On 11/15/2017 05:22 AM, Merijn van den Kroonenberg wrote: I updated the masses/rule-update-score-gen/lock-scores file from rulesrc/sandbox/dos/new-rule-score-gen/lock-scores on the sa-vm1.apache.org server so fingers crossed on the 72_scores.cf here in about 5 hours. This script is always freshly checked out, so uncommitted changes can never be tested. If you check automc/tmp you will see still the old version of the script. I must admit, I fell for it too, only found out after actually checking the temp dir to check the script after I wondered why there was no change in ranges.data. Dave Darn. I am having problems with my SVN ID right now so I was hoping I didn't have to commit these changes to test them on the server. I am travelling with my laptop that doesn't have something setup quite right so I will have to figure out the SVN authentication setup since I won't be back at my primary desktop PC for about 10 days. Dave
Re: 72_scores.cf compared to the one from march 15
> I updated the masses/rule-update-score-gen/lock-scores file from > rulesrc/sandbox/dos/new-rule-score-gen/lock-scores on the > sa-vm1.apache.org server so fingers crossed on the 72_scores.cf here in > about 5 hours. This script is always freshly checked out, so uncommitted changes can never be tested. If you check automc/tmp you will see still the old version of the script. I must admit, I fell for it too, only found out after actually checking the temp dir to check the script after I wondered why there was no change in ranges.data. > > Dave > >
updateDNS.sh on sa-vm1.apache.org - DNS updates disabled
0.4.3.updates (TXT) -> \"1815297\" File /usr/local/bin/updateDNS.disabled exists, not updating DNS.
Cron <automc@sa-vm1> ~/svn/trunk/build/mkupdates/run_nightly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt
+ promote_active_rules + pwd + /usr/bin/perl build/mkupdates/listpromotable /usr/local/spamassassin/automc/svn/trunk HTTP get: http://ruleqa.spamassassin.org/1-days-ago?xml=1 HTTP get: http://ruleqa.spamassassin.org/2-days-ago?xml=1 HTTP get: http://ruleqa.spamassassin.org/3-days-ago?xml=1 + mv rules/active.list.new rules/active.list + svn diff rules + cat /var/www/ruleqa.spamassassin.org/reports/LATEST Index: rules/active.list === --- rules/active.list (revision 1815210) +++ rules/active.list (working copy) @@ -1,5 +1,5 @@ # active ruleset list, automatically generated from http://ruleqa.spamassassin.org/ -# with results from: day 1: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx; day 2: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx; day 3: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx +# with results from: day 1: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni grenier jarif jbrooks mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx; day 2: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx; day 3: axb-coi-bulk axb-generic axb-ham-misc axb-ninja darxus ena-week0 ena-week1 ena-week2 ena-week3 giovanni jbrooks llanga mmiroslaw-mails-ham mmiroslaw-mails-spam thendrikx # tflags publish AC_BR_BONANZA @@ -254,9 +254,6 @@ FROM_MISSP_DYNIP # good enough -FROM_MISSP_EH_MATCH - -# good enough FROM_MISSP_FREEMAIL # good enough @@ -872,23 +869,14 @@ TW_GIBBERISH_MANY # good enough -HK_NAME_FM_MR_MRS +FILL_THIS_FORM_LOAN # good enough -HK_SCAM_N3 +MONEY_FORM # good enough MONEY_FROM_MISSP -# good enough -NA_DOLLARS - -# good enough -S25R_4 - -# good enough -STOX_BOUND_090909_B - # tflags publish UC_GIBBERISH_OBFU + echo 'Committing promotions in rules/active.list...' + svn commit -m 'promotions validated' rules/active.list Committing promotions in rules/active.list... Sendingrules/active.list Transmitting file data .done Committing transaction... Committed revision 1815296. + /usr/bin/perl masses/rule-qa/list-bad-rules ++ date +%w + [[ 3 = 3 ]] + echo 'From: nore...@sa-vm1.apache.org (Rules Report Cron)' + echo 'Subject: [auto] bad sandbox rules report' + echo + cat /var/www/ruleqa.spamassassin.org/reports/badrules.txt + /usr/sbin/sendmail -oi d...@spamassassin.apache.org + for VER in '$VERSIONS' + make_tarball_for_version 3.4.2 + version=3.4.2 + tmpdir=/usr/local/spamassassin/automc/tmp/stage/3.4.2 + rm -rf /usr/local/spamassassin/automc/tmp/stage/3.4.2 + mkdir -p /usr/local/spamassassin/automc/tmp/stage/3.4.2 + make clean rm -f \ SpamAssassin.bso SpamAssassin.def \ SpamAssassin.exp SpamAssassin.x \ blib/arch/auto/Mail/SpamAssassin/extralibs.all \ blib/arch/auto/Mail/SpamAssassin/extralibs.ld Makefile.aperl \ *.a *.o \ *perl.core MYMETA.json \ MYMETA.yml blibdirs.ts \ core core.*perl.*.? \ core.[0-9] core.[0-9][0-9] \ core.[0-9][0-9][0-9] core.[0-9][0-9][0-9][0-9] \ core.[0-9][0-9][0-9][0-9][0-9] libSpamAssassin.def \ mon.out perl \ perl perl.exe \ perlmain.c pm_to_blib \ pm_to_blib.ts so_locations \ tmon.out rm -rf \ *.cache blib \ doc pod2htm* \ qmail rules/*.pm \ rules/70_inactive.cf sa-awl \ sa-check_spamd sa-compile \ sa-learn sa-update \ spamassassin spamc/*.cache \ spamc/*.o* spamc/*.so \ spamc/Makefile spamc/config.h \ spamc/config.log spamc/config.status \ spamc/qmail-spamc spamc/replace/*.o* \ spamc/spamc spamc/spamc.h \ spamc/version.h spamd/*spamc* \ spamd/spamd t/bayessql.cf \ t/do_net t/log \ t/sql_based_whitelist.cf version.env mv Makefile Makefile.old > /dev/null 2>&1 + /usr/bin/perl Makefile.PL PREFIX=/usr/local/spamassassin/automc/tmp/stage/3.4.2 What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] the administrator of that system NOTE: settings for "make test" are now controlled using "t/config.dist". See that file if you wish to customize what tests are run, and how. checking module dependencies and their versions... *** NOTE: the optional Digest::SHA1 module is not installed. The Digest::SHA1 module is still required by the Razor2 plugin. Other modules prefer Digest::SHA, which is a Perl
updateDNS.sh on sa-vm1.apache.org - DNS updates disabled
2.3.3.updates (TXT) -> \"1815297\" File /usr/local/bin/updateDNS.disabled exists, not updating DNS.
updateDNS.sh on sa-vm1.apache.org - DNS updates disabled
3.3.3.updates (TXT) -> \"1815297\" File /usr/local/bin/updateDNS.disabled exists, not updating DNS.
