On 15.03.2016 at 17:07, Robert Boyl wrote:
> Hi, everyone
>
> Please check http://pastebin.com/GUBqpyZ8
>
> Interesting how some spams that abuse some legit account such as this
> one are hard to detect, how SpamAssassin scores almost nothing although
> there are spammy words, etc. System caught DCC_CHECK 1.10.
>
> Some other systems such as isnotspam.com <http://isnotspam.com> caught
> some SA rule which doesn't exist anymore in latest SA...
> AXB_X_FF_SEZ_S=3.10.
>
> Any ways to report such spams to SpamAssassin devels so they can try to
> create new rules?
>
> Any tips how to mark such mails as spam?

Easy to detect, and no way to slip through our filters.
Barracuda Networks *lol* we were victims of those noobs too...

X-Barracuda-Envelope-From: williams.1...@osu.edu
X-Barracuda-Apparent-Source-IP: 157.56.111.246
X-Barracuda-Envelope-To: XXX

/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: Sanesecurity.Spear.williams_dot_1727_at_osu_dot_edu.UNOFFICIAL FOUND
/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: ScamNailer.Phish.williams.1727_AT_osu.edu.UNOFFICIAL FOUND
/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: Sanesecurity.Spear.williams_dot_1727_at_osu_dot_edu.UNOFFICIAL FOUND
/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: Sanesecurity.Spear.williams_dot_1727_at_osu_dot_edu.UNOFFICIAL FOUND
/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: ScamNailer.Phish.williams.1727_AT_osu.edu.UNOFFICIAL FOUND
/var/www/uploadtemp/7f4da2b4dac87498e3828802c5b22fc098e963be.eml: Sanesecurity.Spear.williams_dot_1727_at_osu_dot_edu.UNOFFICIAL FOUND

----------- VIRUS-SCAN SUMMARY -----------
Infected files: 1
Time: 0.024 sec (0 m 0 s)

Content analysis details:   (18.4 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.2 CUST_DNSWL_8           RBL: dnswl-aggregate.thelounge.net (No Trust)
                            [157.56.111.246 listed in dnswl-aggregate.thelounge.net]
 0.1 CUST_DNSBL_33          RBL: dnsbl-backscatterer.thelounge.net
                            (ips.backscatterer.org)
                            [157.56.111.246 listed in dnsbl-backscatterer.thelounge.net]
 7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 0.9995]
 3.1 AXB_X_FF_SEZ_S         Forefront sez this is spam
-0.1 CUST_DNSWL_5           RBL: list.dnswl.org (No Trust)
                            [157.56.111.246 listed in list.dnswl.org]
 0.5 CUST_DNSBL_31          RBL: bl.nszones.com
                            [157.56.111.246 listed in bl.nszones.com]
 1.0 CUST_DNSBL_23          RBL: bl.spamcannibal.org
                            [157.56.111.246 listed in bl.spamcannibal.org]
-0.1 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [157.56.111.246 listed in wl.mailspike.net]
 1.5 CUST_DNSBL_21          RBL: score.senderscore.com (senderscore.com High)
                            [157.56.111.246 listed in score.senderscore.com]
 1.0 CUST_DNSBL_25          RBL: score.senderscore.com (senderscore.com Medium)
 0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 0.9995]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 LOTS_OF_MONEY          Huge... sums of money
 0.5 CUST_SUBJ_6            Begins Very Low
 2.5 MONEY_FROM_41          Lots of money from Africa
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
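
An added example, not part of the original post: a small parser for the "Content analysis details" table above that groups the score by rule family, showing how much of the 18.4 points comes from Bayes, the `CUST_*` rules and `AXB_X_FF_SEZ_S`, and that the remaining rules alone stay under the 5.5 threshold. Grouping by name prefix and the names `parse_report`, `family` and `by_family` are assumptions of this example.

```python
import re
from collections import defaultdict

REQUIRED = 5.5  # "5.5 required" from the report header

# Constructed sample: rule lines copied from the report above, detail lines trimmed.
REPORT = """\
-0.2 CUST_DNSWL_8           RBL: dnswl-aggregate.thelounge.net (No Trust)
 0.1 CUST_DNSBL_33          RBL: dnsbl-backscatterer.thelounge.net
                            (ips.backscatterer.org)
 7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 0.9995]
 3.1 AXB_X_FF_SEZ_S         Forefront sez this is spam
-0.1 CUST_DNSWL_5           RBL: list.dnswl.org (No Trust)
 0.5 CUST_DNSBL_31          RBL: bl.nszones.com
 1.0 CUST_DNSBL_23          RBL: bl.spamcannibal.org
-0.1 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 1.5 CUST_DNSBL_21          RBL: score.senderscore.com (senderscore.com High)
 1.0 CUST_DNSBL_25          RBL: score.senderscore.com (senderscore.com Medium)
 0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.7 LOTS_OF_MONEY          Huge... sums of money
 0.5 CUST_SUBJ_6            Begins Very Low
 2.5 MONEY_FROM_41          Lots of money from Africa
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
"""

# A rule line starts with a signed score followed by an upper-case rule name.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b")

def parse_report(text):
    """Return (score, rule) pairs; wrapped description/detail lines do not match."""
    matches = (RULE_LINE.match(line) for line in text.splitlines())
    return [(float(m.group(1)), m.group(2)) for m in matches if m]

def family(rule):
    # Assumption: group by name prefix; CUST_* are the replying site's own rules.
    for prefix, name in (("BAYES_", "bayes"), ("CUST_", "site-local"), ("AXB_", "axb")):
        if rule.startswith(prefix):
            return name
    return "other"

def by_family(hits):
    """Sum scores per rule family, rounded to the report's one decimal place."""
    totals = defaultdict(float)
    for score, rule in hits:
        totals[family(rule)] += score
    return {name: round(total, 1) for name, total in totals.items()}
```
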
