As requested, the example is below:

Jul-29-09 03:00:51 Connected: 111.222.333.13:55106 -> 1.2.3.4:25 -> 127.0.0.1:125
Jul-29-09 03:00:51 recipi...@ourdomain.com matches recipi...@ourdomain.com in LocalAddresses_Flat
Jul-29-09 03:00:51 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> accepting triplet: (111.222.333.0,spam...@spamdomain.com,recipi...@ourdomain.com) waited: 21m 50s
Jul-29-09 03:00:51 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com recipient accepted: recipi...@ourdomain.com
Jul-29-09 03:00:52 id-47251-00739 [BombHeader] 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com [scoring] (BombHeader Subject 'Receive SMS From');
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 10 (BombHeader Subject 'Receive SMS From'), total score for this message is now 10
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com deleting spamming safelisted tuplet: (111.222.333.0,mail.wnetrj.com.br) age: 1s
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 10 (BombHeader Subject 'Receive SMS From'), total score for IP '111.222.333.13' is now 10
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com SenderBase(Cache) -- country:BR orgname:Wireless Internet S.A. domain:wnetrj.com.br
Jul-29-09 03:00:56 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 6 (DNSBL: neutral, 111.222.333.13 listed in l2.apews.org), total score for this message is now 16
Jul-29-09 03:00:56 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 6 (DNSBL: neutral, 111.222.333.13 listed in l2.apews.org), total score for IP '111.222.333.13' is now 16
Jul-29-09 03:00:56 id-47251-00739 [DNSBL] 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com [scoring] (DNSBL: neutral, 111.222.333.13 listed in (l2.apews.org<-127.0.0.2; ))
Jul-29-09 03:00:56 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com ClamAV: scanned 5021 bytes in message - OK
Jul-29-09 03:00:58 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com [scoring] Bayesian Check - Prob: 1.00000 => spam
Jul-29-09 03:00:58 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 31 (Bayesian Probability: 1.0000), total score for this message is now 47
Jul-29-09 03:00:58 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 31 (Bayesian Probability: 1.0000), total score for IP '111.222.333.13' is now 47
Jul-29-09 03:00:58 id-47251-00739 [MessageScore][lowlimit] 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com [spam found] and passing because messagescore 44 < 47 < 50 [Receive SMS From 81319366] -> /usr/local/assp/discarded/4143.eml
Jul-29-09 03:00:58 Disconnected: 111.222.333.13

From the log above, we see that it did not catch the offending mail with the BlackRegex and thus Bayes had its chance. This is a bit different from what I understood at first.

But the problem is still there: I have the phrase whyza.net in the BombRaw as well as the BlackRe and scriptRe regular expression files. Here is the output of the ASSP Mail Analyzer:

BombRaw RE: 'whyza.net'
Black RE: 'whyza.net'
Script RE: 'whyza.net'

As far as I can tell the regex files are OK: they detect the matches when I use the ASSP analyze function, but they do not work on real mails.

Is there anything I can do to help catch/log this failure? Is it possible that something is timing out?

Thanks,
Hilário

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
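
An added example, not part of the original message and not ASSP code: a Python script that rebuilds the per-message score trail from the log lines posted above and reports which checks never produced a score line for the session. It assumes a BombRaw or BlackRe hit would be logged with that name in the reason text, as the BombHeader hit is; `audit` and its `expected` parameter are hypothetical names.

```python
import re

# Lines copied from the session in the post above (addresses are truncated there too).
SAMPLE_LOG = """\
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 10 (BombHeader Subject 'Receive SMS From'), total score for this message is now 10
Jul-29-09 03:00:52 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 10 (BombHeader Subject 'Receive SMS From'), total score for IP '111.222.333.13' is now 10
Jul-29-09 03:00:56 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 6 (DNSBL: neutral, 111.222.333.13 listed in l2.apews.org), total score for this message is now 16
Jul-29-09 03:00:58 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 31 (Bayesian Probability: 1.0000), total score for this message is now 47
Jul-29-09 03:00:58 id-47251-00739 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com added 31 (Bayesian Probability: 1.0000), total score for IP '111.222.333.13' is now 47
Jul-29-09 03:00:58 id-47251-00739 [MessageScore][lowlimit] 111.222.333.13 <spam...@spamdomain.com> to: recipi...@ourdomain.com [spam found] and passing because messagescore 44 < 47 < 50 [Receive SMS From 81319366] -> /usr/local/assp/discarded/4143.eml
"""

# One "added N (reason)" entry per check; the twin "total score for IP" line is
# skipped on purpose so that points are not counted twice.
ADDED = re.compile(r"^\S+ (\S+) (id-\S+) .*? added (\d+) \((.*)\), "
                   r"total score for this message is now (\d+)$")
VERDICT = re.compile(r"^\S+ \S+ (id-\S+) \[MessageScore\].*messagescore (\d+) < (\d+) < (\d+)")


def audit(log_text, expected=("BombRaw", "BlackRe")):
    """Return {session id: report} listing the checks that scored and those that did not.

    Assumption: a hit from a check named in `expected` carries that name in the
    reason text, the way the BombHeader hit does in the posted log.
    """
    sessions = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = ADDED.match(line)
        if m:
            time, sid, points, reason, total = m.groups()
            rep = sessions.setdefault(sid, {"trail": [], "sum": 0, "logged_total": 0})
            rep["trail"].append((time, int(points), reason))
            rep["sum"] += int(points)
            rep["logged_total"] = int(total)
            continue
        v = VERDICT.match(line)
        if v and v.group(1) in sessions:
            sessions[v.group(1)]["limits"] = (int(v.group(2)), int(v.group(4)))
    for rep in sessions.values():
        reasons = [r for _, _, r in rep["trail"]]
        rep["missing"] = [c for c in expected if not any(c in r for r in reasons)]
    return sessions


if __name__ == "__main__":
    for sid, rep in audit(SAMPLE_LOG).items():
        print(sid, rep["trail"], "sum", rep["sum"], "no score line from:", rep["missing"])
```

Run over a full maillog, a session whose `missing` list contains a check that matches in the analyzer is one where that check either did not run or did not log a hit.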