SA Bugzilla – Bug 6721
ADVANCE_FEE_* scores are too dynamic
Last modified: 2019-06-24 12:03:39 UTC
Working with trunk SA 3.4 I've noticed that the ADVANCE_FEE_* scores are VERY dynamic, always depending on masschecks and, over time, retun inconsistent results compared with the older ADVANCE_FEE rules which had basic static scores. It makes it hard to create metas when rules come and go so I'd like to propose a basic set of "old fashioned" type static rules with static scores. I know the project's target is to rely on masschecks for score generation but a basic static ruleset would warrant "basic" performace which can be enhanced by adding extra rule sets & metas. Comments pls?
I think there are two solutions to this: 1 - We need more people in masscheck. That's held up because of a security issue. But my theory is more corpora, less swings on the scores. 2 - Perhaps we need something on scores for sandboxes that allows a minimum and a maximum threshold. I seem to remember a recent change that made any scores in sandbox a maximum. But in the end, algorithms that let spammers reuse old tricks after a time are going to need a balance between static scores and dynamic scores. I know every time I've look at getting rid of some old obscure rule, I see some new run of spam that makes me reconsider. In the meantime, if you have specific static scores, I'm happy to throw them on my server and test to lead to a vote here.
I suggest JH and myself review the los I have in mind and those with a score above 1.6 get added to a static 20_advance_fee.cf and in 50_scores.cf For scores higher thatn 2.0 we could round them -0.5 for "safety" These rule could then commented out in sandboxes. John? (via IM this could be pretty easy to handle) comments appreciated
(In reply to comment #2) > I suggest JH and myself review the los I have in mind and those with a score > above 1.6 get added to a static 20_advance_fee.cf and in 50_scores.cf > For scores higher thatn 2.0 we could round them -0.5 for "safety" > > These rule could then commented out in sandboxes. > > John? (via IM this could be pretty easy to handle) > > comments appreciated Looking at those rules and suggesting some static scores as well as moving them out of sandbox sounds fine to me. Will retain my veto if the scores are too high or I'm feeling bitter, though. regards, KAM
I don't have a problem promoting the ADVANCE_FEE_* rules to static, but I regularly modify the subrules as new 419s come across the wire. Is having a static rule that depends on a subrule in a sandbox considered kosher? Or would the subrules be moved out to static rule files as well, even given their non-static dynamicness? :)
Closing stale bug, these seem to be turned into sandbox already.