Bug 5888 - __VBOUNCE_AUTOMATIC generates FPs
Summary: __VBOUNCE_AUTOMATIC generates FPs
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.2.1
Hardware: All All
: P5 normal
Target Milestone: 3.3.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
: 5540 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-04-20 21:16 UTC by Roldan Afundar
Modified: 2008-06-16 02:34 UTC (History)
1 user (show)


Attachment Type Modified Status Actions Submitter/CLA Status
moves the rule to the BOUNCE_MESSAGE section patch None mouss [NoCLA]
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Roldan Afundar 2008-04-20 21:16:29 UTC 
+++ This bug was initially created as a clone of Bug #5540 +++

The AutoReply string in __VBOUNCE_AUTOMATIC generates false positives against 
some legitimate "out of office" replies.  Example:

Subject: Out of Office AutoReply: <subject of original message>

This check seems to be too generic for a virus bounce check.
Comment 1 Justin Mason 2008-04-21 01:28:42 UTC 
OOO bounces are supposed to be detected by BOUNCE_MESSAGE -- I can see that that rule will fine with a VBOUNCE_MESSAGE hit as well.  agreed, it shouldn't do that.
Comment 2 Justin Mason 2008-06-12 03:04:35 UTC 
*** Bug 5540 has been marked as a duplicate of this bug. ***
Comment 3 Matus UHLAR - fantomas 2008-06-12 06:18:55 UTC 
looking at it now, I think that following rule shouldn't be put into VBOUNCE but into BOUNCE.

header   __VBOUNCE_AUTOMATIC Subject =~ /\b(automatic reply|AutoReply)\b/

I've seen many autoreplies containint either AutoReply or "automatic reply".
If anyone receives much of real virus bounces, please comment
Comment 4 Justin Mason 2008-06-12 06:27:30 UTC 
yes - I agree.  if you feel like adding a patch to do that, I'd be very grateful ;)
Comment 5 mouss 2008-06-14 10:15:31 UTC 
Created attachment 4328 [details]
moves the rule to the BOUNCE_MESSAGE section

- commented out __VBOUNCE_AUTOMATIC
- copied the rule definition as __BOUNCE_AUTO_REPLY
- removed __VBOUNCE_AUTOMATIC from VBOUNCE_MESSAGE
- added __BOUNCE_AUTO_REPLY to BOUNCE_MESSAGE
Comment 6 Justin Mason 2008-06-16 02:34:58 UTC 
thanks!  applied to trunk (with some changes since the ruleset is different there nowadays):

: jm 11...; svn commit -m "bug 5888: remove __VBOUNCE_AUTOMATIC and move to BOUNCE_MESSAGE meta set -- 'automatic replies' are just bounces, not specifically virus-bounces. thanks to mouss for the fix" rules/20_vbounce.cf
Sending        rules/20_vbounce.cf
Transmitting file data .
Committed revision 668088.

and updated the 3.2.x version with trunk's:

: jm 13...; svn commit -m "bug 5888: remove __VBOUNCE_AUTOMATIC and move to BOUNCE_MESSAGE meta set -- 'automatic replies' are just bounces, not specifically virus-bounces. thanks to mouss for the fix.  also bundle in all recent fixes to vbounce ruleset from trunk" rules/20_vbounce.cf
Sending        rules/20_vbounce.cf
Transmitting file data .
Committed revision 668089.

and updates:

svn commit -m "update VBounce ruleset in 3.2.x updates to match current trunk" /home/jm/ftp/sa/b3_2_0_updates/20_vbounce.cf
Sending        b3_2_0_updates/20_vbounce.cf
Transmitting file data .
Committed revision 668090.