On Saturday 16 August 2008 6:09 am, Greg Troxel wrote: > distill <[EMAIL PROTECTED]> writes: > > I've been receiving these "msnbc.com - BREAKING NEWS" spams recently. > > I've made sure that all of those spams (over 40 of them) are manually > > trained to be spam. SpamAssassin does filter out those messages about 75% > > of the time. However, even after this careful manual training some of > > those spams are still getting through (my score threshold is now 4.4). I > > get the feeling that the training doesn't have any effect. Is there > > something wrong or is SpamAssassin just incapable of learning this? The > > msnbc spams are almost identical to eachother with lots of words, so I > > would imagine this should be an easy task. > A bit more clarification on Steve's experimental rogue sigs:
"Just to clarify... the rogue.hdb will detect only the exe's that the fake news/videos are trying to get you to run. Inside the phish.ndb file, there are sigs to block the actual emails, before the user even gets to click anything, which might be best for the original poster to use :) Sigs such as, the following should block most of the fake news emails: Email.Malware.Sanesecurity.08080802.StormNews.CnnGen Email.Malware.Sanesecurity.08081301.StormNews.MSNBCGen Email.Malware.Sanesecurity.08081509.StormNews.BBCGen The fake video ones, are usually covered by the Malware ones, such as: Email.Malware.Sanesecurity.08081604" -- Chris KeyID 0xE372A7DA98E6705C
pgpAO0oyygePI.pgp
Description: PGP signature
