What is wrong with this Spamassassin META rule?

Question

I am 99.99% sure this rule set of rules used to work fine, but has started throwing up errors if the meta rule at the end is uncommented. This appears to be engine related, as it happens in multiple places.

The resulting error when I lint is:

Sep 10 09:42:41.113 [3984] warn: config: Strange rule token: 0.01039
Sep 10 09:42:42.031 [3984] warn: lint: 1 issues detected, please rerun with debug enabled for more information

Can anyone help tell me why?

body            DG_CHINAREGSCAM2a       /we.received.an.application/i
describe        DG_CHINAREGSCAM2a       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2a       0.01040

body            DG_CHINAREGSCAM2b       /their internet keyword/i
describe        DG_CHINAREGSCAM2b       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2b       0.01041

body            DG_CHINAREGSCAM2c       /China(.*)domain name/i
describe        DG_CHINAREGSCAM2c       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2c       0.01042

body            DG_CHINAREGSCAM2d       /necessary.to.send.email.to.you/i
describe        DG_CHINAREGSCAM2d       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2d       0.01043

body            DG_CHINAREGSCAM2e       /company is associated with your company or not/i
describe        DG_CHINAREGSCAM2e       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2e       0.01044

body            DG_CHINAREGSCAM2f       /conflicts.with.your.company/i
describe        DG_CHINAREGSCAM2f       Words commonly used by China Scammers
score           DG_CHINAREGSCAM2f       0.01045

#meta           DG_CHINAREGSCAM2        (( DG_CHINAREGSCAM2a + DG_CHINAREGSCAM2b + DG_CHINAREGSCAM2c + DG_CHINAREGSCAM2d + DG_CHINAREGSCAM2e + DG_CHINAREGSCAM2f) > 0.01039 )
#score          DG_CHINAREGSCAM2        3
#describe       DG_CHINAREGSCAM2        Email identified as China Registry Scam

I have worked around this rule problem in this particular case by changing the + / score model to using "||" for a match of any rules, but this wont work in all cases.

Is there a fix for this, or an obvious cause I can't see?

Answer 1

The linter is suggesting to use multiples, not fractions in arithmetic meta rules.

I believe your rules work anyway.. it is just not necessary to use anything beyond plain integers, and potentially implies a mistake in writing the rule, see below. State the number of matches you want to hit (e.g. 2) and apply weights by multiplying if necessary, e.g.:

meta   DG_CHINAREGSCAM2 (( 7*DG_CHINAREGSCAM2a + 7*DG_CHINAREGSCAM2b + 7*DG_CHINAREGSCAM2c + 4*DG_CHINAREGSCAM2d + 4*DG_CHINAREGSCAM2e + 3*DG_CHINAREGSCAM2f) > 10 )

---

It might look like its arithmetic on the attached score of the other tests - it is not. Every reference of other tests is counted as a multiple of 1:

meta SYMBOLIC_TEST_NAME boolean arithmetic expression

    Can also define an arithmetic expression in terms of other tests,
    with an unhit test having the value "0" and a hit test having a
    nonzero value.
    The value of a hit meta test is that of its
    arithmetic expression. The value of a hit eval test is that returned
    by its method.
    The value of a hit header, body, rawbody, uri, or
    full test which has the "multiple" tflag is the number of times the
    test hit. The value of any other type of hit test is "1".

- doc/Mail_SpamAssassin_Conf.txt