4689 – False triggers on HOT_NASTY rule (20_porn.cf.)

Bug 4689 - False triggers on HOT_NASTY rule (20_porn.cf.)

Summary: False triggers on HOT_NASTY rule (20_porn.cf.)

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Masses (show other bugs)
Version:	3.1.0
Hardware:	All Linux

Importance:	P5 trivial
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-11-15 13:33 UTC by Declan Moriarty
Modified:	2011-05-02 09:39 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Declan Moriarty 2005-11-15 13:33:57 UTC

Comment 1 Declan Moriarty 2005-11-15 13:38:37 UTC

I am getting the occasional false trigger from this rule. I have isolated it
down to this line
192.168.xxx.xxx doesn't resolve to anything online.

Perhaps we are over sensitive with the xxx?

Comment 2 Matt Kettler 2005-11-15 17:46:26 UTC

Well, that does seem to explain why the rule got such a low score and S/O.

50_scores.cf:score HOT_NASTY 0.809 0 0.697 0.157
STATISTICS-set0.txt:  0.605   0.8035   0.1434    0.849   0.37    0.81  HOT_NASTY
STATISTICS-set1.txt:  0.641   0.8476   0.1600    0.841   0.37    0.04  HOT_NASTY
STATISTICS-set2.txt:  0.641   0.8476   0.1600    0.841   0.37    0.70  HOT_NASTY
STATISTICS-set3.txt:  0.583   0.7748   0.1356    0.851   0.36    0.16  HOT_NASTY



This debug line shows what's happening:

[11078] dbg: rules: ran body rule HOT_NASTY ======> got hit: "xxx.xxx"

That could be problematic for almost any censored IP address notation.

This rule should probably be split up into multiple rules, as the
/xxx\b.{0,9}\bxxx/ combination appears to be the troublemaker.

Comment 3 Henrik Krohns 2011-05-02 09:39:50 UTC

Closing, HOT_NASTY seems to be removed long time ago.