Botnet seems to have caught that just fine (it's listed in the rules which were triggered). The problem is either that you're running it at a lower score (which you could also do for Botnet0.8 if you wanted to upgrade -- their default scores are exactly the same), or you need other rules/configs to supplement your overall scoring system.
But, you can't blame this one on Botnet. It scored on the message you're reporting.

On Sat, Jun 13, 2009 at 18:10, MySQL Student <mysqlstud...@gmail.com> wrote:
> Hi all,
>
> I'm using SA-3.2.5 on Linux and my system is being deluged with spam that
> isn't being caught, apparently from botnets. I'm using botnet-0.7. The
> subject is random and the "Received from" header is always an unresolvable
> IP. Is there a more robust botnet plugin that may be more effective?
> Botnet-v08 was catching too many FPs. (score too high). The body is also
> quite random -- enough so as to keep bayes usually at 50 or less.
>
> Is there a later version of SA that's stable?
>
> Here's the relevant headers:
>
> Received: from [78.97.185.89] (unknown [78.97.185.89])
> Message-ID: <krszdjkabfqdkcf.iodbkvqhqtyymyw83588989...@[78.97.185.89]>
> Subject: Where is this bar?
> MIME-Version: 1.0
> Content-Type: text/html; charset="utf-8"
> Content-Transfer-Encoding: 7bit
> Date: Sat, 13 Jun 2009 04:05:44 -0400 (EDT)
> X-Virus-Scanned: by amavisd-new at mydomain.com
> X-Spam-Status: No, hits=4.9 tagged_above=-300.0 required=5.0 use_bayes=1
>  tests=BAYES_50, BOTNET, HTML_MESSAGE, MIME_HTML_ONLY, RDNS_NONE,
>  URIBL_BLACK
> X-Spam-Level: ****
>
> The body is HTML and contains the following:
>
> Click here to view this message as a web page.
>
> Copyright © 2002-2009 by the Pyahqql, Inc.
> All rights reserved.
>
> Click here if this picture is blocked
>
> Home | Contact Us | Privacy Policy | Terms of Use | Unsubscribe |
>
> Where can I go from here?
>
> Thanks,
> Alex
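
The quoted header shows a message passed at 4.9 against a required 5.0 even though BOTNET fired. As an added example (not part of the original thread), the script below parses X-Spam-Status values, lists messages that fell just under the threshold, and counts which rules fired on them. The function names, the 0.5 margin and the second and third sample headers are constructed for illustration.

```python
import re
from collections import Counter

# Sample X-Spam-Status values. The first is the one quoted in the post;
# the second and third are constructed for this example.
SAMPLE_HEADERS = [
    "No, hits=4.9 tagged_above=-300.0 required=5.0 use_bayes=1\n"
    " tests=BAYES_50, BOTNET, HTML_MESSAGE, MIME_HTML_ONLY, RDNS_NONE,\n URIBL_BLACK",
    "No, hits=4.6 tagged_above=-300.0 required=5.0 use_bayes=1 "
    "tests=BAYES_50, BOTNET, HTML_MESSAGE, RDNS_NONE",
    "No, hits=0.1 tagged_above=-300.0 required=5.0 use_bayes=1 tests=HTML_MESSAGE",
]

_FIELD = re.compile(r"(\w+)=(-?\d+(?:\.\d+)?)")

def parse_spam_status(value):
    """Parse one X-Spam-Status value into verdict, score, threshold and rules."""
    value = " ".join(value.split())              # unfold continuation lines
    head, sep, tests = value.partition("tests=")
    verdict = head.split(",", 1)[0].strip().lower()
    fields = {k: float(v) for k, v in _FIELD.findall(head)}
    score = fields.get("hits", fields.get("score"))  # some setups write score=
    if verdict not in ("yes", "no") or score is None or "required" not in fields:
        raise ValueError("unrecognised X-Spam-Status: %r" % value)
    rules = [r.strip() for r in tests.split(",") if r.strip()] if sep else []
    return {"spam": verdict == "yes", "score": score,
            "required": fields["required"], "rules": rules}

def near_misses(headers, margin=0.5):
    """Return parsed messages passed as ham within `margin` of the threshold."""
    out = []
    for h in headers:
        p = parse_spam_status(h)
        gap = round(p["required"] - p["score"], 3)
        if not p["spam"] and 0 < gap <= margin:
            p["gap"] = gap
            out.append(p)
    return out

def rule_frequency(parsed):
    """Count how often each rule fired across a set of parsed messages."""
    return Counter(r for p in parsed for r in p["rules"])

if __name__ == "__main__":
    misses = near_misses(SAMPLE_HEADERS)
    for p in misses:
        print("gap %.1f  %s" % (p["gap"], ", ".join(p["rules"])))
    print(rule_frequency(misses).most_common())
```

Rules that recur across the near-miss set are the ones to look at when adjusting scores or adding supplementary rules.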