On Tuesday 28 November 2006 6:00 pm, Simon wrote:
> I was getting these spam emails with the subject "Name wrote:", so
> someone suggested I update SA and run sa-update. Which I have and it's
> now solved that issue - nice.
>
> But now I'm getting subject "hi it's Name", does someone have a custom
> ruleset for this spam please? I'm trying to write one myself with no
> luck:
>
> header HI_ITS_NAME Subject =~ /\bhi\sit's\s+[a-z]/i
> describe HI_ITS_NAME Hi It's Name in Subject
> score HI_ITS_NAME 6.5

Content analysis details:   (37.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.8 RCVD_FORGED_WROTE      Forged 'Received' header found ('wrote:' spam)
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 BOTNET_NORDNS          IP address has no PTR record
 1.7 SARE_MLB_Stock2        BODY: SARE_MLB_Stock2
 0.8 SARE_LWSHORTT          BODY: SARE_LWSHORTT
 2.0 FB_LIKE_NIGERIA        BODY: FB_LIKE_NIGERIA
 1.7 SARE_PROLOSTOCK_SYM1   BODY: Last week's hot stock scam
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9994]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 3.7 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
 5.0 BOTNET                 Any Botnet rule hit
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

Picks up 37 points on my box with the above.

--
Chris