Pure Message rules and scores/weights

Does anyone have any info on how to read the PM rules / scores / weights applied to messages? I need to identify why some messages are attracting scores, but the X-Headers don't really explain too well.

I get a score of 25 for some messages with the following, but can't tell if all these rules contribute to the score, what they mean or how any applied score is weighted.

PHISH_SPEAR_HTTP_RECEIVED 0
FROM_NAME_PHRASE 0
__TO_MALFORMED_2 0
__TO_NO_NAME 0
__MIME_VERSION 0
__CT 0
__CTYPE_MULTIPART_ALT 0
__CTYPE_HAS_BOUNDARY 0
__CTYPE_MULTIPART 0
__HAS_X_MAILER 0
__HAS_LIST_UNSUBSCRIBE 0
__HAS_MSGID 0
__SANE_MSGID 0
__HAS_XOAT 0
__ANY_URI 0
LINK_TO_IMAGE 0
__URI_NO_MAILTO 0
__FRAUD_MONEY_VALUE 0
__FRAUD_WINNER 0
__CP_URI_IN_BODY 0
__CANPHARM_COPYRIGHT 0
__FRAUD_LOC 0
SUPERLONG_LINE 0.05
__CANPHARM_NEWSLETTER_MSG 0
__HTML_BOLD 0
__HAS_HTML 0
BODY_SIZE_10000_PLUS 0
BODYTEXTP_SIZE_3000_LESS 0
__MIME_HTML 0
__IMGSPAM_TABLE_1 0
__TAG_EXISTS_HTML 0
__URI_NS 0
SXL_IP_TFX_ESG 0
HTML_70_90 0.1
HTML_FONT_INVISIBLE 1.0
__FRAUD_MONEY 0
FRAUD_X3 1.667
IMGSPAM_TABLE_1 0
WEBMAIL_SOURCE 0
__HAS_LIST_HEADER 0
BULK_EMAIL_SENDER 0

  • Ok, so nobody knows ......

    Looking at c:\Program Files\Sophos\PureMessage\datadir\db.summary I can see what appear to be regular expression tests.

    The c:\program Files\Sophos\PureMessage\datadir\asdb.antispam contains what appears to be the rules, domain names, hash of known spam messages etc., but doesn't show the scores.

    Both files have a recent date and time so I suspect they're updated as PM updates - probably with pmxcompile.exe, which seems to run every time there's an update downloaded.

    What I really need is something like http://spamassassin.apache.org/tests_3_3_x.html ..... only for Sophos PM

  • I can offer the following:

    The number after the rule name is the score for the rule. The rules with a score of zero are generally meta-rules, which are used in combination to form weighted rules where applicable.

    The weighted rules that fired on your message are:

    SUPERLONG_LINE 0.05

    FRAUD_X3 1.667

    HTML_FONT_INVISIBLE 1.0

    HTML_70_90 0.1

    The obvious one to look at would be the FRAUD_X3 rule.

    I don't recall how a point score gets converted into a percentage but from memory, a score of 8 or more is just over the default threshold. 

    hth

    Neil

  • The algorithm used to calculate final results based on scoring is detailed in the PMX online help.

    Pedro.

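The triage Neil describes (set aside the zero-score rules, look at the weighted ones) can be scripted for a batch of messages. This is an added example, not part of the thread and not Sophos code; the sample is a constructed subset of the hits quoted in the question, and the name-stem grouping in `related_zero_rules` is a guess from rule names, not documented PureMessage behaviour.

```python
import re

# Constructed sample: subset of the rule hits quoted in the question,
# one "RULE_NAME score" pair per line, as they appear in the thread.
SAMPLE_HITS = """\
PHISH_SPEAR_HTTP_RECEIVED 0
__TO_NO_NAME 0
__FRAUD_MONEY_VALUE 0
__FRAUD_WINNER 0
SUPERLONG_LINE 0.05
HTML_70_90 0.1
HTML_FONT_INVISIBLE 1.0
__FRAUD_MONEY 0
FRAUD_X3 1.667
BULK_EMAIL_SENDER 0
"""

PAIR = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s+(-?\d+(?:\.\d+)?)\s*$")

def parse_hits(text):
    """Return [(rule, score)] for each well-formed line; skip anything else."""
    matches = (PAIR.match(line) for line in text.splitlines())
    return [(m.group(1), float(m.group(2))) for m in matches if m]

def related_zero_rules(rule, zero):
    """Heuristic (assumption): zero-score rules sharing the rule's first name token."""
    stem = rule.split("_")[0] + "_"
    return [z for z in zero if z.lstrip("_").startswith(stem)]

def triage(text):
    """Split hits into weighted and zero-score rules and sum the raw points."""
    hits = parse_hits(text)
    weighted = sorted(((r, s) for r, s in hits if s != 0), key=lambda h: -abs(h[1]))
    zero = [r for r, s in hits if s == 0]
    # Raw points only: the points-to-percentage conversion is not given in the thread.
    return {"weighted": weighted, "zero": zero,
            "raw_points": round(sum(s for _, s in weighted), 3)}

if __name__ == "__main__":
    report = triage(SAMPLE_HITS)
    for rule, score in report["weighted"]:
        candidates = related_zero_rules(rule, report["zero"])
        print(f"{score:>7.3f}  {rule}  candidate inputs: {candidates or '-'}")
    print(f"raw points from weighted rules: {report['raw_points']}")
    print(f"{len(report['zero'])} zero-score rules with no direct contribution")
```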