Hi there
I just got a one-line piece of spam with an IP-address-based URL. Probably
pointing at some "auto infect your Windows PC" app.
Anyway, it got a score of 0.1 out of 5 when it came in. 4 hours later it
had shown up in several RBLs and the score was pushed up to 4.9.
My question is that it triggered NORMAL_HTTP_TO_IP, but that only adds
0.1 to the score. That seems really low to me. Are there really so many
"legitimate" IP-based URLs being sent around via email that makes a
higher score a bad idea?
Just wondering...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1