- the header and body scan in assp.pl is skipped, if ASSP_AFC is active
- ASSP_AFC does not scan the MIME header - it only scans MIME parts.
- the final filescan scans the complete mail (header and body)

So: 'SecuriteInfo.com.Spam-718.UNOFFICIAL' must be a hit in the MIME 
header.

Thomas




From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    18.07.2018 17:10
Subject: Re: [Assp-test] Spam found using ClamAV still being delivered?



I can't find any setting that would prohibit a regular scan from happening 
for the instances that I've found.  Do you have suggestions of where to 
look?  

On Sun, Jul 15, 2018 at 1:38 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> I'm sorry, I don't understand what you mean.  What do you mean "any 
> header part causes this detection?" 

for example: ASSP_AFC scans each MIME part separately (MIME is decoded 
here) 
or: any defined scan exception prevents the regular scan (check your 
setup) 

The final scan is done for the complete MIME source, if the regular scan 
was skipped for any reason. It may happen that an unofficial hit is found 
for this case - but not in any other case.

Thomas 



From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    14.07.2018 21:10 
Subject: Re: [Assp-test] Spam found using ClamAV still being delivered? 



I'm sorry, I don't understand what you mean.  What do you mean "any header 
part causes this detection?" 

The unofficial securiteinfo clam definitions do a nice job of detecting 
spam that bayesian might not.  I just don't understand why all of a sudden 
>some< mail doesn't seem to be scanned during delivery. 


On Sat, Jul 14, 2018 at 12:55 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: 
> SecuriteInfo.com.Spam-718.UNOFFICIAL

For me it looks like any header part causes this detection. The header is 
not scanned regularly - but the complete mail (the file) is scanned finally. 


Thomas




From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    13.07.2018 16:24 
Subject: Re: [Assp-test] Spam found using ClamAV still being delivered? 



Thanks Thomas as always.  Where is that setting though?  I've never seen 
this happen before, the signatures regularly reject messages >prior< to 
delivery.  Could anything else be causing the scan to be skipped during 
the delivery process? 

On Fri, Jul 13, 2018 at 1:54 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: 
Your settings prevent assp from scanning the mail regularly (while 
processed). Because this is (may be) wanted, assp scans the stored corpus 
file to be sure that there is no virus in the file.
You can see this - the file is scanned after disconnect.


Thomas 



From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    12.07.2018 18:18 
Subject: Re: [Assp-test] Spam found using ClamAV still being delivered? 



and sorry, this one was Swedish, but still. 

On Thu, Jul 12, 2018 at 12:15 PM K Post <nntp.p...@gmail.com> wrote: 
I can't figure this one out. 

French language message slips through bayesian and HMM because almost 
everything is in English here.  BUT, one of the SecureSite unofficial 
clamav lists catches it.  GREAT. 

However, for some reason, this message was still delivered to our user.  
In the log, it goes to OK mail and THEN gets scored by ClamAV.  That's not 
normal right? 

What could I be missing on this one? 

Jul-12-18 06:19:31 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org DKIM-Signature found
Jul-12-18 06:19:39 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org checking MX/A for apsis.com , chef.anpdm.com , chef.se
Jul-12-18 06:19:40 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org apsis.com - MX 'aspmx.l.google.com' - got IP (209.85.201.27)
Jul-12-18 06:19:40 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org chef.anpdm.com - MX 'mx10.anpdm.com' - got IP (91.213.250.35)
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org chef.se - MX 'chef-se.mail.protection.outlook.com' - got IP (213.199.154.106)
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org MX found: apsis.com (List-Unsubscribe) -> aspmx.l.google.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org A record found for MX: apsis.com (List-Unsubscribe) -> 209.85.201.27
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org MX found: chef.anpdm.com (Mail From:) -> mx10.anpdm.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org A record found for MX: chef.anpdm.com (Mail From:) -> 91.213.250.35
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org MX found: chef.se (Reply-To , From) -> chef-se.mail.protection.outlook.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org A record found for MX: chef.se (Reply-To , From) -> 213.199.154.106
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org HMM-Check has given less than 6 results - using monitoring mode only
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org Bayesian Check [scoring] - Prob: 1.00000 - Confidence: 0.00004 => doubtful.spam - answer/query relation: 27% of 54
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org Message-Score: added 25 for Bayesian Probability: 1.00000, total score for this message is now 25
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org info: found DKIM signature identity '@anpdm.com'
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org [scoring] DKIM signature verified-OK - pass - identity is: @anpdm.com - sender policy is: neutral - author policy is: neutral
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org Message-Score: added -5 (dkimOkValencePB) for DKIM pass, total score for this message is now 20
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org [Plugin] calling plugin ASSP_AFC
Jul-12-18 06:19:41 59810-00211 [MessageOK] x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org message ok [Saknar du din chef p semestern Nominera hen till Chefgalan] -> messages/okmail/Saknar_du_din_chef_p_semestern_Nominera_hen_till_Chefgalan--2657839.txt
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org finished message - received DATA size: 21.73 kByte - sent DATA size: 22.85 kByte
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org disconnected: session:F51B9E10 x.x.208.208 - processing time 13 seconds
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org ClamAV: scanned 22973 bytes in file messages/okmail/Saknar_du_din_chef_p_semestern_Nominera_hen_till_Chefgalan--2657839.txt - FOUND SecuriteInfo.com.Spam-718.UNOFFICIAL
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org deleting spamming safelisted tuplet: (x.x.208.0,chef.anpdm.com) age: 11s
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <senderstr...@chef.anpdm.com> to: ouru...@ourcharity.org Message-Score: added 50 (vdValencePB) for virus detected: 'SecuriteInfo.com.Spam-718.UNOFFICIAL', total score for this message is now 70
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
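
To find other mails affected by the situation discussed in this thread (a ClamAV hit that is logged only by the final file scan, after the message was already accepted), the following is an added example, not part of the original posts and not ASSP code. It assumes the log layout quoted in the thread; the sample lines, the extra sessions and the function name are constructed.

```python
import re

# Constructed sample modelled on the log layout quoted in the thread;
# addresses, paths, sessions 2 and 3 and "Constructed.Test.Sig" are made up.
SAMPLE_LOG = """\
Jul-12-18 06:19:41 59810-00211 192.0.2.8 <news@sender.example> to: user@rcpt.example [Plugin] calling plugin ASSP_AFC
Jul-12-18 06:19:41 59810-00211 [MessageOK] 192.0.2.8 <news@sender.example> to: user@rcpt.example message ok [Newsletter] -> messages/okmail/Newsletter--1.txt
Jul-12-18 06:19:42 59810-00211 192.0.2.8 <news@sender.example> to: user@rcpt.example disconnected: session:AAAA0001 192.0.2.8 - processing time 13 seconds
Jul-12-18 06:19:42 59810-00211 192.0.2.8 <news@sender.example> to: user@rcpt.example ClamAV: scanned 22973 bytes in file messages/okmail/Newsletter--1.txt - FOUND SecuriteInfo.com.Spam-718.UNOFFICIAL
Jul-12-18 06:20:01 59811-00212 [MessageOK] 192.0.2.9 <a@b.example> to: user@rcpt.example message ok [Hello] -> messages/okmail/Hello--2.txt
Jul-12-18 06:20:02 59811-00212 192.0.2.9 <a@b.example> to: user@rcpt.example disconnected: session:AAAA0002 192.0.2.9 - processing time 1 seconds
Jul-12-18 06:21:10 59812-00213 192.0.2.7 <c@d.example> to: user@rcpt.example ClamAV: scanned 900 bytes in file messages/spam/x--3.txt - FOUND Constructed.Test.Sig
Jul-12-18 06:21:11 59812-00213 192.0.2.7 <c@d.example> to: user@rcpt.example disconnected: session:AAAA0003 192.0.2.7 - processing time 2 seconds
"""

# "<date> <time> <session id> <rest of line>"
LINE = re.compile(r"^(\S+ \S+) (\d+-\d+) (.*)$")
FOUND = re.compile(r"ClamAV: scanned \d+ bytes in file (\S+)\s+- FOUND (\S+)")


def late_clamav_hits(log_text):
    """Return ClamAV hits logged after the session had already been accepted."""
    accepted = {}   # session id -> first marker showing the mail was passed on
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, session, rest = m.groups()
        if "[MessageOK]" in rest:
            accepted.setdefault(session, "message ok")
        elif "disconnected: session:" in rest:
            accepted.setdefault(session, "disconnected")
        hit = FOUND.search(rest)
        # Only hits that arrive after acceptance are the "final scan" case.
        if hit and session in accepted:
            findings.append({"time": stamp, "session": session,
                             "file": hit.group(1), "signature": hit.group(2),
                             "accepted_by": accepted[session]})
    return findings


if __name__ == "__main__":
    for f in late_clamav_hits(SAMPLE_LOG):
        print(f)
```
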
