I am 99.99% sure this set of rules used to work fine, but as soon as the meta rule at the end is uncommented, errors start appearing. It seems to be engine-related, because it happens in several places.
The error produced when I lint is:
Sep 10 09:42:41.113 [3984] warn: config: Strange rule token: 0.01039
Sep 10 09:42:42.031 [3984] warn: lint: 1 issues detected, please rerun with debug enabled for more information
Can anyone help me understand why?
body DG_CHINAREGSCAM2a /we.received.an.application/i
describe DG_CHINAREGSCAM2a Words commonly used by China Scammers
score DG_CHINAREGSCAM2a 0.01040
body DG_CHINAREGSCAM2b /their internet keyword/i
describe DG_CHINAREGSCAM2b Words commonly used by China Scammers
score DG_CHINAREGSCAM2b 0.01041
body DG_CHINAREGSCAM2c /China(.*)domain name/i
describe DG_CHINAREGSCAM2c Words commonly used by China Scammers
score DG_CHINAREGSCAM2c 0.01042
body DG_CHINAREGSCAM2d /necessary.to.send.email.to.you/i
describe DG_CHINAREGSCAM2d Words commonly used by China Scammers
score DG_CHINAREGSCAM2d 0.01043
body DG_CHINAREGSCAM2e /company is associated with your company or not/i
describe DG_CHINAREGSCAM2e Words commonly used by China Scammers
score DG_CHINAREGSCAM2e 0.01044
body DG_CHINAREGSCAM2f /conflicts.with.your.company/i
describe DG_CHINAREGSCAM2f Words commonly used by China Scammers
score DG_CHINAREGSCAM2f 0.01045
#meta DG_CHINAREGSCAM2 (( DG_CHINAREGSCAM2a + DG_CHINAREGSCAM2b + DG_CHINAREGSCAM2c + DG_CHINAREGSCAM2d + DG_CHINAREGSCAM2e + DG_CHINAREGSCAM2f) > 0.01039 )
#score DG_CHINAREGSCAM2 3
#describe DG_CHINAREGSCAM2 Email identified as China Registry Scam
In this particular case I worked around the problem by changing the + / score model to use "||" so that any one rule matches, but that does not work in all cases.
Is there a way to fix this, or is there an obvious cause I am not seeing?
Answer 1
In arithmetic meta rules, the linter suggests using multiples rather than fractions.
I believe your rule is valid anyway. It is just unnecessary to use anything other than plain integers, and doing so probably points to a mistake in how the rule was written, see below. State the number of matches you want to hit (e.g. 2) and weight them by multiplying if necessary, for example:
meta DG_CHINAREGSCAM2 (( 7*DG_CHINAREGSCAM2a + 7*DG_CHINAREGSCAM2b + 7*DG_CHINAREGSCAM2c + 4*DG_CHINAREGSCAM2d + 4*DG_CHINAREGSCAM2e + 3*DG_CHINAREGSCAM2f) > 10 )
It may look as if the arithmetic is performed on the score attached to the other tests, but that is not the case. Every reference to another test counts as a multiple of 1:
meta SYMBOLIC_TEST_NAME boolean arithmetic expression
Can also define an arithmetic expression in terms of other tests, with an unhit test having the value "0" and a hit test having a nonzero value. The value of a hit meta test is that of its arithmetic expression. The value of a hit eval test is that returned by its method. The value of a hit header, body, rawbody, uri, or full test which has the "multiple" tflag is the number of times the test hit. The value of any other type of hit test is "1".
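To make the point concrete, here is a small evaluator I wrote for this answer (not SpamAssassin's code) that applies the documented semantics above: a rule reference contributes 0 when unhit and its hit value (1, or the hit count for a `multiple` tflag) when hit, so the asker's `> 0.01039` threshold and the suggested weighted form compare the same counts, not scores. The lexer and the integer-only lint check are my own simplifications; the lint check is assumed to mirror the warning quoted in the question, where the fractional constant 0.01039 was the token singled out.

```python
import re

# Assumed simplified lexer (not SpamAssassin's own): numbers, rule names,
# parentheses and the operators meta rules commonly use.
TOKEN = re.compile(r'\s*(\d+(?:\.\d+)?|[A-Za-z_]\w*|\(|\)|\|\||&&|>=|<=|==|!=|[-+*/<>!])')
WHOLE = re.compile('(?:' + TOKEN.pattern + r')+\s*')
BOOL_OPS = {'||': 'or', '&&': 'and', '!': 'not'}

def tokenize(expr):
    if not WHOLE.fullmatch(expr):
        raise ValueError('unsupported character in meta expression: %r' % expr)
    return TOKEN.findall(expr)

def lint_meta(expr):
    """Tokens an integer-only lint would report as strange (assumed behaviour:
    fractional numerals, matching the 'Strange rule token: 0.01039' warning)."""
    return [t for t in tokenize(expr) if re.fullmatch(r'\d+\.\d+', t)]

def evaluate_meta(expr, hits):
    """Evaluate a meta expression with the documented semantics: an unhit test
    is 0, a hit test is its value (1, or the hit count for a test with the
    'multiple' tflag). `hits` maps rule name -> int value; scores play no part."""
    pieces = []
    for tok in tokenize(expr):
        if tok in BOOL_OPS:
            pieces.append(BOOL_OPS[tok])
        elif re.fullmatch(r'[A-Za-z_]\w*', tok):
            pieces.append(str(int(hits.get(tok, 0))))  # rule reference -> its value
        else:
            pieces.append(tok)                          # number, paren or operator
    # Every piece is a whitelisted token or a numeral, so no names reach eval.
    return bool(eval(' '.join(pieces), {'__builtins__': {}}, {}))

# The asker's original meta expression and the weighted one from the answer.
ORIGINAL = ('(( DG_CHINAREGSCAM2a + DG_CHINAREGSCAM2b + DG_CHINAREGSCAM2c + '
            'DG_CHINAREGSCAM2d + DG_CHINAREGSCAM2e + DG_CHINAREGSCAM2f) > 0.01039 )')
WEIGHTED = ('(( 7*DG_CHINAREGSCAM2a + 7*DG_CHINAREGSCAM2b + 7*DG_CHINAREGSCAM2c + '
            '4*DG_CHINAREGSCAM2d + 4*DG_CHINAREGSCAM2e + 3*DG_CHINAREGSCAM2f) > 10 )')

if __name__ == '__main__':
    one_hit = {'DG_CHINAREGSCAM2a': 1}                        # constructed: only 2a matched
    two_hits = {'DG_CHINAREGSCAM2a': 1, 'DG_CHINAREGSCAM2d': 1}  # constructed: 2a and 2d matched
    print(lint_meta(ORIGINAL), lint_meta(WEIGHTED))           # ['0.01039'] []
    print(evaluate_meta(ORIGINAL, one_hit))                   # True: 1 > 0.01039
    print(evaluate_meta(WEIGHTED, one_hit))                   # False: 7 > 10
    print(evaluate_meta(WEIGHTED, two_hits))                  # True: 11 > 10
```

With a single hit the original expression already fires, which is why the `||` rewrite behaved the same; the weighted version needs 7+4 before it crosses the threshold.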