From 3ebb18826712b50906ebca1a9318a99286ebd715 Mon Sep 17 00:00:00 2001
From: defkev <defkev@gmail.com>
Date: Sun, 11 Jul 2021 01:51:42 +0200
Subject: [PATCH] [Feature] Pyzor calculate score dynamically Count - WL-Count
 of default_score in percent

---
 lualib/lua_scanners/pyzor.lua | 42 ++++++++++++-----------------------
 1 file changed, 14 insertions(+), 28 deletions(-)

diff --git a/lualib/lua_scanners/pyzor.lua b/lualib/lua_scanners/pyzor.lua
index dd9205e7df..ef9ece824f 100644
--- a/lualib/lua_scanners/pyzor.lua
+++ b/lualib/lua_scanners/pyzor.lua
@@ -41,7 +41,7 @@ local function pyzor_config(opts)
     detection_category = "hash",
     cache_expire = 7200, -- expire redis in one hour
     message = '${SCANNER}: Pyzor bulk message found: "${VIRUS}"',
-    default_score = 1,
+    default_score = 1.5,
     action = false,
   }
 
@@ -139,33 +139,19 @@ local function pyzor_check(task, content, digest, rule)
         --rspamd_logger.infox(task, "%s - count=%s wl=%s", addr:to_string(), reported, whitelisted)
 
         --[[
-        @todo: Implement math function to calc the score dynamically based on return values.
-        Maybe check spamassassin implementation.
-        ]] --
-        local entries = reported - whitelisted
-
-        local weight = 0
-
-        if entries >= 100 then
-          weight = 1.5
-        elseif entries >= 25 then
-          weight = 1.25
-        elseif entries >= 5 then
-          weight = 1.0
-        elseif entries >= 1 and whitelisted == 0 then
-          weight = 0.2
-        end
-
-        if whitelisted >= 100 then
-          weight = weight - 1.5
-        elseif whitelisted >= 25 then
-          weight = weight - 1.25
-        elseif whitelisted >= 5 then
-          weight = weight - 1.0
-        elseif whitelisted >= 1 then
-          weight = weight - 0.2
-        end
-
+        Weight is Count - WL-Count of rule.default_score in percent, e.g.
+        SPAM:
+          Count: 100 (100%)
+          WL-Count: 1 (1%)
+          rule.default_score: 1
+          Weight: 0.99
+        HAM:
+          Count: 10 (100%)
+          WL-Count: 10 (100%)
+          rule.default_score: 1
+          Weight: 0
+        ]]
+        local weight = tonumber(string.format("%.2f", rule.default_score * (reported - whitelisted) / (reported + whitelisted)))
         local info = string.format("count=%d wl=%d", reported, whitelisted)
         local threat_string = string.format("bl_%d_wl_%d", reported, whitelisted)
 
-- 
2.47.3