In the spamtest/virustest draft there is the following example:
if spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
elsif spamtest :is "NIL"
{
fileinto "INBOX.unclassified";
}
When the virus scanner or the anti spam scanner fail, I presume we give the
spamtest/virustest a "NIL" value as though it never even passed through the
scanner. So according to RFC2244, when we use ascii-numeric, that seems to
imply that "NIL" turns into a very large number. Is that right?
RFC 2244 ACAP November 1997
i;ascii-numeric
Operations: Ordering, Equality
The i;ascii-numeric comparator interprets strings as decimal
positive integers represented as US-ASCII digits. All values
which do not begin with a US-ASCII digit are considered equal
with an ordinal value higher than all non-NIL single-valued
attributes. Otherwise, all US-ASCII digits (octet values
0x30 to 0x39) are interpreted starting from the beginning of
the string to the first non-digit or the end of the string.
That being said, we would never file anything to the "unclassified" folder
as "a very large number" is greater than "3". Also If we define the
spamtest/virustest values as:
Internet Draft SIEVE Spamtest and Virustest Extensions April 2003
The spamtest result is a string starting with a numeric value in the
range "0" (zero) through "10", with "0" meaning the message is
definitely clear of spam, and "10" meaning the message is definitely
spam. The underlying SIEVE implementation will map whatever spam
check is done into this numeric range, as appropriate. If the
message has not been categorised by any spam checking tools, then
the spamtest result is "NIL".
Does that mean that the "NIL" value gets a score of higher than 10 and is
therefore really really really definately spam/a virus?
Is the example therefore not better written as:
if spamtest :is "NIL"
{
fileinto "INBOX.unclassified";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
I'd also suggest that we use a different value to "NIL", perhaps "5 NIL" so
that the 5 is mid range 50/50 spam/virus and the "NIL" as the string to say
that scanning failed to protect users from making the fairly subtle mistake
of treating scan failures as either "definately not spam" or "definately
spam".
Or did I misunderstand somewhere.... :o/
Nigel