Re: [AMaViS-user] 2.6.3: bad header checking bypasss spam checks?

Sun, 03 May 2009 07:23:58 -0700 

> got an email with bad 8 bit  (spam)
> 
> spammers uses decimal 240 in place of space in subject line.
> 
> clamav sees spam: (sane security) but sa doesnt' (I don't think amavisd
> passed it to spamassassin)
> 
> X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char A0 hex):
> Subject: Her\240night\240moans\240gua[...]
> X-Spam-Flag: NO
> X-Spam-Score: 0
> X-Spam-Level: 
> X-Spam-Status: No, score=0 tagged_above=-999 required=5
> tests=[AV:Sanesecurity.Junk.15877.UNOFFICIAL=0] autolearn=unavailable

Second issue: it didn't quarantine it as a bad header either.
In amavisd.conf, have:

$bad_header_quarantine_method='sql:';
$spam_quarantine_method='sql:';

(and I know spam quarantine works)

In sql policy, have:

         virus_quarantine_to: NULL
          spam_quarantine_to: NULL
        banned_quarantine_to: NULL
    bad_header_quarantine_to: NULL
         clean_quarantine_to: sql:


(and I know clean quarantine works.. In fact, that bad header one got
'clean' quarantined)



Using sql policy, 
>
-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Finalist 2009 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to