Ok, that seems to confirm that ASSP is pulling 'g.com' out of qsystemsengineering.com. Interestingly, it never shows qsystemsengineering.com as being registered for check, only g.com. Later though, it shows 0 hits on qsystemsengineering.com and a hit on g.com. Log excerpt follows.
- Phil Feb-16-11 11:35:07 29787-26248 206.46.xx.xx <[email protected]> added -5 (PBwhite), total score for this message is now -5; Feb-16-11 11:35:09 29787-26248 206.46.xx.xx <[email protected]> to: [email protected] added 10 (blackRe: 'viagra'), total score for this message is now 5; Feb-16-11 11:35:09 29787-26248 [BombBlack] 206.46.xx.xx <[email protected]> to: [email protected] [scoring:10] -- blackRe: 'viagra (10)' -- [Returned mail the virus test]; Feb-16-11 11:35:09 29787-26248 [BombRe] 206.46.xx.xx <[email protected]> to: [email protected] [scoring:10] -- bombRe: 'the virus (10)'; Feb-16-11 11:35:09 29787-26248 206.46.xx.xx <[email protected]> to: [email protected] added 10 (bombRe: 'the virus'), total score for this message is now 15; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: found URI schemas.microsoft.com; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: registered URI microsoft.com for check; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: found URI www.w3.org; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: registered URI w3.org for check; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: found URI g.com; Feb-16-11 11:35:09 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] info: registered URI g.com for check; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on dbl.spamhaus.org for URIBL checks on microsoft.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on multi.surbl.org for URIBL checks on microsoft.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on black.uribl.com for URIBL checks on microsoft.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on dob.sibl.support-intelligence.net for URIBL checks on microsoft.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on uribl.swinog.ch for URIBL checks on microsoft.com; Feb-16-11 11:35:09 Commencing URIBL checks on 'microsoft.com'; Feb-16-11 11:35:09 Got 5 answers, 0 replies and 0 hits after 0 seconds for URIBL checks on 'microsoft.com'; Feb-16-11 11:35:09 Completed URIBL checks on 'microsoft.com'; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on dbl.spamhaus.org for URIBL checks on qsystemsengineering.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on multi.surbl.org for URIBL checks on qsystemsengineering.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on black.uribl.com for URIBL checks on qsystemsengineering.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on dob.sibl.support-intelligence.net for URIBL checks on qsystemsengineering.com; Feb-16-11 11:35:09 Sending DNS(TXT)-query to 10.0.0.13 on uribl.swinog.ch for URIBL checks on qsystemsengineering.com; Feb-16-11 11:35:09 Commencing URIBL checks on 'qsystemsengineering.com'; Feb-16-11 11:35:10 Got 5 answers, 0 replies and 0 hits after 1 seconds for URIBL checks on 'qsystemsengineering.com'; Feb-16-11 11:35:10 Completed URIBL checks on 'qsystemsengineering.com'; Feb-16-11 11:35:10 29787-26248 [URIBL] 206.46.xx.xx <[email protected]> to: [email protected] [scoring:15] -- URIBL neutral: 'g.com'(uribl.swinog.ch<-127.0.0.2); Feb-16-11 11:35:10 29787-26248 206.46.xx.xx <[email protected]> to: [email protected] added 15 (URIBL neutral: 'g.com'(uribl.swinog.ch<-127.0.0.2)), total score for this message is now 30; Feb-16-11 11:35:10 29787-26248 206.46.xx.xx <[email protected]> to: [email protected] ClamAV: scanned 7468 bytes in message - OK ; Feb-16-11 11:35:10 29787-26248 [MessageOK] 206.46.xx.xx <[email protected]> to: [email protected] -- Message OK -- [Returned mail the virus test] -> D:/AntiSpam/ASSP/okmail/Returned_mail_the_virus_test__103.eml; -----Original Message----- Message: 9 Date: Wed, 16 Feb 2011 16:27:21 +0100 From: "Fritz Borgstedt" Subject: Re: [Assp-user] ASSP sending only portion of URL to blacklist To: <[email protected]> Message-ID: <assp.002893cb38.fc.000f4555071f7a2e3b9aca00cde0ab3a.71f7...@iworld.de> Content-Type: text/plain; charset=ISO-8859-1 [email protected] schreibt: >[email protected] Please set URIBLLog to verbose. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
