In the spamtest/virustest draft there is the following example:
if spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
elsif spamtest :is "NIL"
{
fileinto "INBOX.unclassified";
}
I pointed out that this is broken in an earlier email.
When the virus scanner or the anti spam scanner fail, I presume we give the
spamtest/virustest a "NIL" value as though it never even passed through the
scanner. So according to RFC2244, when we use ascii-numeric, that seems to
imply that "NIL" turns into a very large number. Is that right?
Yes.
Does that mean that the "NIL" value gets a score of higher than 10 and is
therefore really really really definately spam/a virus?
Yes.
Is the example therefore not better written as:
if spamtest :is "NIL"
{
fileinto "INBOX.unclassified";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
Yes.
I'd also suggest that we use a different value to "NIL", perhaps "5 NIL" so
that the 5 is mid range 50/50 spam/virus and the "NIL" as the string to say
that scanning failed to protect users from making the fairly subtle mistake
of treating scan failures as either "definately not spam" or "definately
spam".
I dislike assigning a default value in the middle of the range when no check
has been done. I guess I could live with making 0 a special "no check has been
done" value.
Ned