
Re: Lots of spam with the following snip

From: Chris <cpollock(at)embarqmail.com>
Date: Mon Jun 30 2008 - 20:57:30 EDT


On Monday 30 June 2008 6:04 pm, Steven W. Orr wrote:
> <p>God dag,<strong> </strong></p><span> </span>
> <a name="#qppp">
> </a><br><br>***<br>
> Warning!<br>
> This letter contains a virus which has been<br>
> successfully detected and cured.
> <br>***<br>
>
> The part that's noteworthy is this:
>
>
> <br>***<br>
> Warning!<br>
> This letter contains a virus which has been<br>
> successfully detected and cured.
> <br>***<br>
>
> Does someone have a rule for this ready made?
>
> Thanks

Scored pretty well here, do you have network check active? The "SOUGHT" rules scored well too. The 'virus' that was detected is a sanesecurity sig:

X-Spam-Virus: Yes (Email.Spam.Gen3531.Sanesecurity.08062603)

Content analysis details:   (23.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?79.86.225.100>]
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [79.86.225.100 listed in zen.spamhaus.org]
 3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.0 RELAYED_BY_DIALUP      Sent directly from dynamic IP address
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5844]
-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
                            [cpollock 1117; Body=1 Fuz1=5 Fuz2=5]
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
 4.0 JM_SOUGHT_1            JM_SOUGHT_1
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders
-- 
Chris
KeyID 0xE372A7DA98E6705C
Received on Mon Jun 30 21:00:36 2008
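
An added example, not part of the original message: it parses the content analysis report quoted in the reply and recomputes the total with groups of rules switched off, to show how much of the 23.0 points depends on network checks and on the ClamAV and SOUGHT hits. The group names and the `group_of` classification are assumptions made for this example.

```python
import re

REQUIRED = 5.0  # "5.0 required" in the report header
# Hits copied from the report above, with two continuation lines kept in.
REPORT = """\
 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
 3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.0 RELAYED_BY_DIALUP      Sent directly from dynamic IP address
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5844]
-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
 4.0 JM_SOUGHT_1            JM_SOUGHT_1
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders
"""

# Hit line: "<points> <RULE_NAME> <description>"; continuation lines do not match.
HIT = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def group_of(name, desc):
    """Grouping assumed for this example, not defined by SpamAssassin."""
    if desc.startswith("RBL:") or name.startswith("DCC_"):
        return "network"   # needs DNS blocklist / DCC lookups
    if name == "CLAMAV" or name.startswith("JM_SOUGHT"):
        return "addon"     # ClamAV hit and the SOUGHT rule
    return "other"

def parse_hits(report):
    hits = []
    for line in report.splitlines():
        m = HIT.match(line)
        if m:
            pts, name, desc = float(m.group(1)), m.group(2), m.group(3)
            hits.append((name, pts, group_of(name, desc)))
    return hits

def score_without(hits, excluded=()):
    """Total score if every rule in the excluded groups had not fired."""
    return round(sum(p for _, p, g in hits if g not in excluded), 1)

if __name__ == "__main__":
    hits = parse_hits(REPORT)
    for excluded in [(), ("network",), ("addon",), ("network", "addon")]:
        print(excluded, score_without(hits, excluded), "of", REQUIRED, "required")
```

With both groups excluded the same message totals 3.1, below the 5.0 threshold, while either group alone keeps it above.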

This archive was generated by hypermail 2.1.8 : Tue Sep 02 2008 - 02:53:24 EDT

