[sanesecurity] Fwd: Re: Re: Need help with external Spammer

  • From: Steffen Ille <steffen@xxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 17 Mar 2011 14:23:52 +0100


Hi Florian.
No, I have the kill level at 20.0, and for the spamscore map see the attachment.
Do I have the order wrong, or what is wrong there?

Regards, Steffen

PS: Your box is not accepting mail?


On 17.03.2011 14:08, Florian Piekert wrote:
> On 17.03.2011 13:52, Steffen Ille wrote:
> 
> But you also seem to have set a very high kill level in Amavis?
> 
> -Spam-Status: Yes, score=13.097 required=5 tests=[BAYES_99=3.5,
>       RATWARE_MS_HASH=2.148, RATWARE_OUTLOOK_NONAME=2.95,
>       RCVD_IN_DNSWL_NONE=-0.0001, URIBL_AB_SURBL=4.499] autolearn=no
> 
> On my system, anything with a score > 6.31 is deleted without mercy.
> 
> Is the recipient defined as a spam lover in amavis?
> 
>> Hi Steve.
>> They've changed something, the Signature doesn't catch it anymore.
>> 230 Mails in 2 Minutes :-(
>>
>> Attached you'll find such a Mail as example.
>>
>> Cheers, Steffen
>>
>>
>> On 17.03.2011 13:49, Steffen Ille wrote:
>>> Hi Steve.
>>>
>>> The Signature Sanesecurity.Junk.39242.UNOFFICIAL
>>> successfully caught it. I've added a line to amavis to score it as Virus
>>> not Spam. Besides: My postfix tells me, bogusmx.rfc-ignorant.org
>>> also lists those senders now.
>>>
>>> Cheers, Steffen
>>>
>>>
>>> On 17.03.2011 12:35, Steve Basford wrote:
>>>>
>>>>>
>>>>> How can I get rid of this? It rapidly fills my boxes.
>>>>>
>>>> Hi Steffen,
>>>>
>>>> Thanks for the sample... just put out an update on the mirrors, hopefully
>>>> that should help.
>>>>
>>>> Cheers,
>>>>
>>>> Steve
>>>> Sanesecurity
>>>>
>>>>
>>>
> 
> 

@virus_name_to_spam_score_maps =
  (new_RE(  # the order matters!
  [ qr'^Phishing\.'                                             => 5.0 ],
  [ qr'^Structured\.(SSN|CreditCardNumber)\b'                   => 5.0 ],
  [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'             => 5.0 ],
  [ qr'^Sanesecurity\.Junk\.39242'                              => 25.0 ],
  [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep infected
  [ qr'^Sanesecurity\.'                                         => 5.0 ],
  [ qr'^Sanesecurity_PhishBar_'                                 => 5.0 ],
  [ qr'^Sanesecurity.TestSig_'                                  => 5.0 ],
  [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.'        => 5.0 ],
  [ qr'^Email\.Spammail\b'                                      => 5.0 ],
  [ qr'^MSRBL-(Images|SPAM)\b'                                  => 5.0 ],
  [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke'                   => 5.0 ],
  [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 5.0 ],
  [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)'                 => 5.0 ],
  [ qr'^Safebrowsing\.'                                         => 5.0 ],
  [ qr'^winnow\.(phish|spam)\.'                                 => 5.0 ],
  [ qr'^INetMsg\.SpamDomain'                                    => 5.0 ],
  [ qr'-SecuriteInfo\.com(\.|\z)'         => undef ],  # keep as infected
  [ qr'^MBL_NA\.UNOFFICIAL'               => 3.0 ],    # false positives
  [ qr'^MBL_'                             => undef ],  # keep as infected

 [ qr'^Sanesecurity\.Junk\.39242'                              => 25.0 ],

));
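
Added example, not part of the thread and not amavisd code: a standalone Perl script that walks a subset of the attached map in its original order and reports which entry a signature name hits first, which is the check behind the "is the order wrong?" question. `first_match` is a hypothetical helper, and every signature name except Sanesecurity.Junk.39242.UNOFFICIAL is constructed. It assumes the list is evaluated top to bottom with the first matching entry deciding, as the "the order matters!" comment implies.

```perl
#!/usr/bin/perl
# Added example: emulates a first-match lookup over an ordered list of
# [ regex => score ] pairs. Hypothetical helper, not amavisd's own code.
use strict;
use warnings;

# Subset of the attached map, same order, including the repeated
# Junk.39242 entry at the end.
my @map = (
  [ qr'^Phishing\.'                             => 5.0   ],
  [ qr'^Sanesecurity\.Junk\.39242'              => 25.0  ],
  [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],
  [ qr'^Sanesecurity\.'                         => 5.0   ],
  [ qr'-SecuriteInfo\.com(\.|\z)'               => undef ],
  [ qr'^MBL_NA\.UNOFFICIAL'                     => 3.0   ],
  [ qr'^MBL_'                                   => undef ],
  [ qr'^Sanesecurity\.Junk\.39242'              => 25.0  ],
);

# Return (index, score) of the first entry whose regex matches the name,
# or an empty list when no entry matches.
sub first_match {
  my ($name, $map) = @_;
  for my $i (0 .. $#$map) {
    my ($re, $score) = @{ $map->[$i] };
    return ($i, $score) if $name =~ $re;
  }
  return;
}

# Constructed names, except the first, which is quoted in the thread.
for my $name ('Sanesecurity.Junk.39242.UNOFFICIAL',
              'Sanesecurity.Junk.11111.UNOFFICIAL',
              'Sanesecurity.Malware.11111.UNOFFICIAL',
              'MBL_11111.UNOFFICIAL',
              'Eicar-Test-Signature') {
  my ($i, $score) = first_match($name, \@map);
  if    (!defined $i)     { printf "%-40s no entry matches\n", $name }
  elsif (!defined $score) { printf "%-40s entry %d => undef\n", $name, $i }
  else                    { printf "%-40s entry %d => %.1f\n", $name, $i, $score }
}
```

Entry indices are zero-based positions in `@map`; comparing the reported index with the position of a broader pattern such as `^Sanesecurity\.` shows whether a specific entry is shadowed or reached.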
