On Thursday 28 December 2006 8:12 am, Vernon Webb wrote:
> I have a ton of these emails getting through that have the sender's name
> and the word Present getting through and they are the same as the insider
> information from last week. I have MailScanner, SpamAssassin, SARE, Botnet,
> Razor2, Pyzor, ClamAv and f-prot all installed and as far as I know working
> properly. Anyone else having this issue?
>
> Thanks

They're not slipping through here:

Content analysis details:   (45.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr 1)
 2.8 RCVD_FORGED_WROTE      Forged 'Received' header found ('wrote:' spam)
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.7,ip=70.62.66.95,hostname=rrcs-70-62-66-95.midsouth.biz.rr.com,maildomain=ace-ina.com,client,ipinhostname]
 1.7 SARE_MLB_Stock1        BODY: SARE_MLB_Stock1
 1.7 SARE_MLB_Stock2        BODY: SARE_MLB_Stock2
 0.8 SARE_LWSHORTT          BODY: SARE_LWSHORTT
 1.5 IXHASH                 BODY: Classified as spam at iX Magazine, Germany
 1.5 LOGINHASH2             BODY: Classified as spam at unknown company, Germany
 1.5 LOGINHASH1             BODY: Spam at LogIn&Solutions AG, Germany
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 3.7 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

Are you running any network tests? Any SARE rule sets installed? Steve Basford
does a fantastic job with his add-on clamav signature files for phishing and
scam messages. This one was tagged as X-Spam-Virus: Yes
(Email.Stk.Gen124.Sanesecurity.06122204). But even without the clamav tag this
would have still been picked up as spam.

HTH

--
Chris
http://learn.to/quote
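
The statement in the reply above, that the message would still be tagged without the ClamAV hit, can be checked from the report itself. The following Python is an added example, not part of the original post: it parses a SpamAssassin "Content analysis details" block (the sample is a subset of the rows quoted above) and recomputes the total with chosen rules removed; the function names are hypothetical.

```python
import re
from decimal import Decimal

# Subset of the rows from the report quoted above, in SpamAssassin's layout.
REPORT = """\
Content analysis details:   (45.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 3.7 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
"""

HEADER = re.compile(r"\(\s*(-?[\d.]+) points, (-?[\d.]+) required\)")
# The score is right-aligned in a 4-character column; wrapped description
# lines are indented much deeper, so they never match.
HIT = re.compile(r"^ {0,3}(-?\d+(?:\.\d+)?) (\w+)\s+(.*)$")


def parse_report(text):
    """Return (reported_total, required, {rule: score}) from a report block."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no 'points, required' summary line found")
    total, required = Decimal(m.group(1)), Decimal(m.group(2))
    hits = {}
    for line in text.splitlines():
        h = HIT.match(line)
        if h:
            hits[h.group(2)] = Decimal(h.group(1))
    return total, required, hits


def total_without(text, excluded):
    """Reported total minus the scores of the excluded rules that fired."""
    total, required, hits = parse_report(text)
    dropped = sum((hits.get(r, Decimal(0)) for r in excluded), Decimal(0))
    remaining = total - dropped
    # SpamAssassin tags a message as spam when score >= required.
    return remaining, remaining >= required


if __name__ == "__main__":
    print(total_without(REPORT, ["CLAMAV"]))
    print(total_without(REPORT, ["CLAMAV", "PYZOR_CHECK", "DCC_CHECK", "DIGEST_MULTIPLE"]))
```

The report prints each score rounded to one decimal place, so the recomputed total is accurate only to that precision.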