Hi Florian. Nein ich habe den kill bei 20.0 und die spamscore-map siehe anhang. hab ich die reihenfolge falsch oder was stimmt da nicht? grüße, steffen PS: Deine Box nimmt keine mails an? Am 17.03.2011 14:08, schrieb Florian Piekert: > Am 17.03.2011 13:52, schrieb Steffen Ille: > > Du hast aber auch scheinbar einen sehr hohen Kill Level bei Amavis > eingetragen? > > -Spam-Status: Yes, score=13.097 required=5 tests=[BAYES_99=3.5, > RATWARE_MS_HASH=2.148, RATWARE_OUTLOOK_NONAME=2.95, > RCVD_IN_DNSWL_NONE=-0.0001, URIBL_AB_SURBL=4.499] autolearn=no > > Bei mir wird mit einer score > 6.31 gnadenlos gelöscht. > > Ist der Empfänger bei amavis als spamlover definiert? > >> Hi Steve. >> They've changed something, the Signature doesn't catch it anymore. >> 230 Mails in 2 Minutes :-( >> >> Attached you'll find such a Mail as example. >> >> Cheers, Steffen >> >> >> Am 17.03.2011 13:49, schrieb Steffen Ille: >>> Hi Steve. >>> >>> The Signature Sanesecurity.Junk.39242.UNOFFICIAL >>> sucessfully catched it. I'va added a line to amavis to score it as Virus >>> not Spam. Besides: My postfix tells me, bogusmx.rfc-ignorant.org >>> also lists those senders now. >>> >>> Cheers, Steffen >>> >>> >>> Am 17.03.2011 12:35, schrieb Steve Basford: >>>> >>>>> >>>>> How can I get rid of this? It rapidly fills my boxes. >>>>> >>>> Hi Steffen, >>>> >>>> Thanks for the sample... just put out an update on the mirrors, hopefully >>>> that should help. >>>> >>>> Cheers, >>>> >>>> Steve >>>> Sanesecurity >>>> >>>> >>> > >
@virus_name_to_spam_score_maps = (new_RE( # the order matters! [ qr'^Phishing\.' => 5.0 ], [ qr'^Structured\.(SSN|CreditCardNumber)\b' => 5.0 ], [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 5.0 ], [ qr'^Sanesecurity\.Junk\.39242' => 25.0 ], [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep infected [ qr'^Sanesecurity\.' => 5.0 ], [ qr'^Sanesecurity_PhishBar_' => 5.0 ], [ qr'^Sanesecurity.TestSig_' => 5.0 ], [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 5.0 ], [ qr'^Email\.Spammail\b' => 5.0 ], [ qr'^MSRBL-(Images|SPAM)\b' => 5.0 ], [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 5.0 ], [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 5.0 ], [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 5.0 ], [ qr'^Safebrowsing\.' => 5.0 ], [ qr'^winnow\.(phish|spam)\.' => 5.0 ], [ qr'^INetMsg\.SpamDomain' => 5.0 ], [ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected [ qr'^MBL_NA\.UNOFFICIAL' => 3.0 ], # false positives [ qr'^MBL_' => undef ], # keep as infected [ qr'^Sanesecurity\.Junk\.39242' => 25.0 ], ));