On 26.05.2016 at 20:50, RW wrote:
I noticed that Bayes is picking-up on very strong tokens from "eval" and "code" in headers like this:

X-PHP-Originating-Script: 1013:global.php(1938) : eval()'d code

The "eval()'d code" part is in just over 2% of my spam, but it's never occurred in a single ham in my corpus. The spams seem to be coming from exploited web-servers, and I'm wondering if it might be a symptom of the exploit

header CUST_PHP_EVAL X-PHP-Originating-Script =~ /eval\(\)\'d code/
score CUST_PHP_EVAL 1.0
describe CUST_PHP_EVAL Looks like from exploited webservers
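
Added example, not part of either poster's message: a small Python check that applies the same pattern as CUST_PHP_EVAL to raw messages and reports the hit rate per corpus, which is how the spam/ham split described above can be measured before a score is chosen. The header layout (uid:script(line)), the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from typing import Optional

# Same pattern as the CUST_PHP_EVAL rule in the message above.
EVAL_RE = re.compile(r"eval\(\)'d code")
# Assumed layout, inferred from the single header quoted in the thread:
#   <uid>:<script>(<line>) : eval()'d code
ORIGIN_RE = re.compile(r"^(?P<uid>\d+):(?P<script>[^()\s]+)(?:\((?P<line>\d+)\))?")

def inspect(raw: bytes) -> Optional[dict]:
    """Return parsed X-PHP-Originating-Script data, or None if absent."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    values = msg.get_all("X-PHP-Originating-Script") or []
    if not values:
        return None
    # Collapse whitespace so a folded header is matched too.
    value = " ".join(str(values[0]).split())
    m = ORIGIN_RE.match(value)
    return {
        "uid": m.group("uid") if m else None,
        "script": m.group("script") if m else None,
        "line": int(m.group("line")) if m and m.group("line") else None,
        "eval": bool(EVAL_RE.search(value)),
    }

def hit_rate(corpus: list) -> float:
    """Fraction of messages in a corpus that would trigger the rule."""
    hits = sum(1 for raw in corpus if (inspect(raw) or {}).get("eval"))
    return hits / len(corpus) if corpus else 0.0

# Constructed sample messages (not taken from any real corpus).
SPAM = [
    b"From: a@example.com\nX-PHP-Originating-Script: 1013:global.php(1938) : eval()'d code\n\nbody\n",
    b"From: b@example.com\nX-PHP-Originating-Script: 33:cache.php(12) :\n eval()'d code\n\nbody\n",
    b"From: c@example.com\nSubject: no php header\n\nbody\n",
]
HAM = [
    b"From: shop@example.org\nX-PHP-Originating-Script: 1000:contact-form.php\n\nbody\n",
    b"From: d@example.org\nSubject: hello\n\nbody\n",
]

if __name__ == "__main__":
    print("spam hit rate:", hit_rate(SPAM))
    print("ham hit rate:", hit_rate(HAM))
```

A non-zero ham hit rate on a real corpus would argue for a lower score than the 1.0 used in the rule.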