Emin Akbulut wrote:
> I tried to train SA with tons of spam messages which contains zip file
> (includes .js)
> The max spam score was lesser than 5 so I did set 4 to delete messsages.
>
> Then same kind of spam messages appear with the score of lesser than 2.
>
> In short; training the SA seems not helpful.
>
> What do you suggest to fight these spams?
I've had some luck doing that, but it takes a while.
I've also added some rules that should match on most of these messages:
mimeheader __ZIP_ATTACH_1 Content-Type =~
m{application/(?:x-)?zip(?:-compressed)?; name="[^"]+\.zip"}
mimeheader __ZIP_ATTACH_2 content-type =~
m{application/(?:x-)?zip(?:-compressed)?; name="[^"]+\.zip"}
meta ZIP_ATTACH __ZIP_ATTACH_1 || __ZIP_ATTACH_2
describe ZIP_ATTACH Has .zip attachment
score ZIP_ATTACH 0.001
(Note the different case for "Content-Type"; I found both were needed.)
-kgd
