On Mon, 2008-02-18 at 06:14 -0600, Chris wrote: > On Monday 18 February 2008 4:33 am, ItsMikeE wrote: > > For some time now I have been getting spams that look like > > "Hello! I am tired this evening. I am nice girl that would like to chat > > with you. Email me at [EMAIL PROTECTED] only, because I am using my friend's > > email to write this. To see my pics" > > > > They are still not being picked up, despite me passing them to be learnt > > for the bayes DB. > > > > Has anyone written a rule to filter these out? > > My box catches these with the below and this is what ClamAv tags it as: > > X-Spam-Virus: Yes (MSRBL-SPAM.NiceGirl.2697) > > Content analysis details: (37.5 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 1.0 RELAY_CN Relayed through china > 5.0 BOTNET Relay might be a spambot or virusbot > [botnet0.8,ip=218.70.128.105,maildomain=800mhz.com,nordns] > 4.5 LOGINHASH BODY: iXhash says its spam > 2.5 IXHASH BODY: iXhash says its spam > 2.5 LOGINHASH2 BODY: iXhash says its spam > 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 2.2 DCC_CHECK listed in DCC (http://rhyolite.com/anti-spam/dcc/) > [cpollock 1201; Body=26 Fuz1=375] > [Fuz2=many] > 10 CLAMAV Clam AntiVirus detected a virus > 0.0 DIGEST_MULTIPLE Message hits more than one network digest check > 0.1 RDNS_NONE Delivered to trusted network by a host with no > rDNS > 1.0 SAGREY Adds 1.0 to spam from first-time senders > > So even without running the ClamAv plug-in this would still get 27 points. > > HTH > Chris >
scoring BOTNET at 5.0 dont you get far too many FP's Besides how do you get clamav to score a plain text mail. Are you using the clam signatures for spam
