You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Vernon Webb <ve...@comp-wiz.com> on 2006/12/28 15:12:54 UTC
"Present" slipping through - same as "insider information"
I have a ton of these emails getting through that have the sender's name and the word
Present getting through and they are the same as the insider information from last
week. I have MailScanner, SpamAssassin, SARE, Botnet, Razor2, Pyzor, ClamAv and f-prot
all installed and as far as I know working properly. Anyone else having this issue?
Thanks
Re: "Present" slipping through - same as "insider information"
Posted by Chris <cp...@earthlink.net>.
On Thursday 28 December 2006 8:12 am, Vernon Webb wrote:
> I have a ton of these emails getting through that have the sender's name
> and the word Present getting through and they are the same as the insider
> information from last week. I have MailScanner, SpamAssassin, SARE, Botnet,
> Razor2, Pyzor, ClamAv and f-prot all installed and as far as I know working
> properly. Anyone else having this issue?
>
> Thanks
They're not slipping through here:
Content analysis details: (45.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
2.8 RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=70.62.66.95,hostname=rrcs-70-62-66-95.midsouth.biz.rr.com,maildomain=ace-ina.com,client,ipinhostname]
1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1
1.7 SARE_MLB_Stock2 BODY: SARE_MLB_Stock2
0.8 SARE_LWSHORTT BODY: SARE_LWSHORTT
1.5 IXHASH BODY: Classified as spam at iX Magazine, Germany
1.5 LOGINHASH2 BODY: Classified as spam at unknown company,
Germany
1.5 LOGINHASH1 BODY: Spam at LogIn&Solutions AG, Germany
5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
10 CLAMAV Clam AntiVirus detected a virus
0.8 DIGEST_MULTIPLE Message hits more than one network digest check
1.0 SAGREY Adds 1.0 to spam from first-time senders
Are you running any network tests? Any SARE rule sets installed? Steve Basford
does a fantastic job with his add-on clamav signature files for phishing and
scam messages. This one was tagged as X-Spam-Virus: Yes
(Email.Stk.Gen124.Sanesecurity.06122204). But even without the clamav tag
this would have still been picked up as spam.
HTH
--
Chris
http://learn.to/quote
Re: "Present" slipping through - same as "insider information"
Posted by Duane Hill <d....@yournetplus.com>.
Vernon Webb wrote:
> I have a ton of these emails getting through that have the sender's name and the word
> Present getting through and they are the same as the insider information from last
> week. I have MailScanner, SpamAssassin, SARE, Botnet, Razor2, Pyzor, ClamAv and f-prot
> all installed and as far as I know working properly. Anyone else having this issue?
>
> Thanks
>
I, like Chris who posted results, don't have hardly any slipping through
here either. I don't have Pyzor, DCC or Razor running and have bayes
trained up. I do keep rules that I keep updated on a daily basis using
sa-update. Here is a header from one such message that was trapped:
X-Spam-Level: xxxxxxxxxxxxxx
X-Spam-Status: Hits:14.6 Learn:no Tests:BAYES_99,HELO_DYNAMIC_IPADDR,
RCVD_FORGED_WROTE,SARE_LWSHORTT,SARE_MLB_Stock1,SARE_MLB_Stock2
Re: "Present" slipping through - same as "insider information"
Posted by maillist <ma...@emailacs.com>.
Vernon Webb wrote:
> I have a ton of these emails getting through that have the sender's name and the word
> Present getting through and they are the same as the insider information from last
> week. I have MailScanner, SpamAssassin, SARE, Botnet, Razor2, Pyzor, ClamAv and f-prot
> all installed and as far as I know working properly. Anyone else having this issue?
>
> Thanks
>
>
I do not have that issue. Are you using sa-learn to learn the messages
as spam?
-=Aubrey=-