spamassassin-users mailing list archives

From John Hardin <jhar...@impsec.org>
Subject Re: Errors since upgrading to 3.4.1: "meta test ... with a zero score"
Date Fri, 16 Jun 2017 01:00:28 GMT
On Thu, 15 Jun 2017, Gerald Turner wrote:

>  spamd[32137]: rules: meta test FREEMAIL_FORGED_FROMDOMAIN has dependency 'HEADER_FROM_DIFFERENT_DOMAINS' with a zero score
>  spamd[31552]: rules: meta test __FORM_FRAUD_3 has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __MONEY_FRAUD_3 has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __FORM_FRAUD_5 has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __ADVANCE_FEE_4_NEW has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __MONEY_FRAUD_8 has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __ADVANCE_FEE_2_NEW has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __MONEY_FRAUD_5 has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __ADVANCE_FEE_3_NEW has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __ADVANCE_FEE_5_NEW has dependency 'LOTTO_AGENT' with a zero score
>  spamd[31552]: rules: meta test __FORM_FRAUD has dependency 'LOTTO_AGENT' with a zero score

>  - Is there a bug with the project's sa-update channel / auto-
>    mass-check setup?

That's what it sounds like to me - it should not be omitting or zeroing 
the scores of rules that participate in metas.

Something is odd. This didn't come up on the old masscheck host, but the 
score generation code should not have changed since then...

It looks like it's not setting both the net and non-net scores for a few
rules:

   score FROM_IN_TO_AND_SUBJ            1.099 0.000 1.099 0.000
   score HEADER_FROM_DIFFERENT_DOMAINS  0.001 0.000 0.001 0.000
   score HK_SCAM_N8                     2.506 0.000 2.506 0.000
   score LOTTO_AGENT                    2.609 0.000 2.609 0.000

The non-network-enabled scores should only be zero for rules marked as 
being network-dependent rules, and *all* rules should have a nonzero 
network-enabled score (which appears to be the problem here).

Something else odd is going on in the score generation: some 
well-performing rules (notably URI_WP_HACKED) are now getting scored at 1 
point. There are only 56 rules listed in 72_scores.cf (the output from the 
masscheck score generator), the rest would be defaulting to 1 point.


-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   If you ask amateurs to act as front-line security personnel,
   you shouldn't be surprised when you get amateur security.
                                                     -- Bruce Schneier
-----------------------------------------------------------------------
  3 days until SWMBO's Birthday
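
An added example, not part of the original message and not SpamAssassin project code: a small checker that applies the rule stated above (non-net scores may be zero only for `tflags ... net` rules, net scores must be nonzero for every rule) to the scored dependencies of meta rules. The `meta` and `tflags` lines and the `EXAMPLE_*` names in the sample are constructed for illustration; the real rule bodies are not shown in the message.

```python
import re

# Score-set order on a "score" line: 0 = no Bayes/no net, 1 = no Bayes/net,
# 2 = Bayes/no net, 3 = Bayes/net. A single value applies to all four sets.
NET_SETS = (1, 3)

# Constructed sample: three score lines are copied from the message; the
# EXAMPLE_* rules and all meta/tflags lines are invented for this example.
SAMPLE = """\
score FROM_IN_TO_AND_SUBJ            1.099 0.000 1.099 0.000
score HEADER_FROM_DIFFERENT_DOMAINS  0.001 0.000 0.001 0.000
score LOTTO_AGENT                    2.609 0.000 2.609 0.000
score EXAMPLE_NET_RULE               0.000 1.500 0.000 1.500
score EXAMPLE_OK_RULE                1.200
tflags EXAMPLE_NET_RULE net
meta FREEMAIL_FORGED_FROMDOMAIN  __EXAMPLE_SUB && HEADER_FROM_DIFFERENT_DOMAINS
meta __FORM_FRAUD_3              (LOTTO_AGENT + EXAMPLE_OK_RULE) > 1
meta EXAMPLE_NET_META            EXAMPLE_NET_RULE && EXAMPLE_OK_RULE
"""

def parse(text):
    scores, metas, net = {}, {}, set()
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 3:
            continue
        if tok[0] == "score":
            vals = [float(v) for v in tok[2:6]]
            if len(vals) in (1, 4):
                scores[tok[1]] = vals * 4 if len(vals) == 1 else vals
        elif tok[0] == "tflags" and "net" in tok[2:]:
            net.add(tok[1])
        elif tok[0] == "meta":
            metas[tok[1]] = set(re.findall(r"[A-Za-z_]\w*", " ".join(tok[2:])))
    return scores, metas, net

def zero_scored_dependencies(text):
    """Return sorted (meta, dependency, zeroed_sets) for scored deps with a zero."""
    scores, metas, net = parse(text)
    findings = []
    for meta, deps in metas.items():
        for dep in deps:
            if dep.startswith("__") or dep not in scores:
                continue  # subrules carry no score; unlisted rules use defaults
            # a net rule may legitimately be zero in the non-net sets (0 and 2)
            sets = NET_SETS if dep in net else range(4)
            zeroed = tuple(i for i in sets if scores[dep][i] == 0)
            if zeroed:
                findings.append((meta, dep, zeroed))
    return sorted(findings)
```

Calling `zero_scored_dependencies()` on the concatenated contents of a rules directory lists each meta rule, the dependency, and the score sets in which that dependency is zeroed.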
