fgrep "Total weight = " dec0531.log |
fgrep -v "SNIFFER" | gawk "$NF >=20"
>result.txt
sample
contents of result.txt:
05/31/2004
00:01:44 Qd84b1ec600561d03 IPNOTINMX:2 HELOBOGUS:6 MAILFROM:9 REVDNS:4
CMDSPACE:5 COUNTRY:10 DSBL:6 SPAMCOP:3 SPAMCOP-DYNA:7 FIVETENSRC:2
FIVETENSRC-DYNA:3 . Total weight = 57.
05/31/2004 00:04:13 Qd8d21ede005628b1 IPNOTINMX:2 BADHEADERS:6 CMDSPACE:5 SPAMDOMAINS:6 NOABUSE:3 NOPOSTMASTER:3 NJABL-DYNABLOCK:6 FIVETENSRC:2 FIVETENSRC-DYNA:3 SORBS-DYNA:7 DYNAMIC:4 TELUS-DYNA:1 . Total weight = 48.
05/31/2004 00:04:13 Qd8d21ede005628b1 IPNOTINMX:2 BADHEADERS:6 CMDSPACE:5 SPAMDOMAINS:6 NOABUSE:3 NOPOSTMASTER:3 NJABL-DYNABLOCK:6 FIVETENSRC:2 FIVETENSRC-DYNA:3 SORBS-DYNA:7 DYNAMIC:4 TELUS-DYNA:1 . Total weight = 48.
Andrew
8)
-----Original Message-----
From: Andy Schmidt [mailto:[EMAIL PROTECTED]
Sent: Monday, May 31, 2004 3:03 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Detect "Test NOT Failed"Hi,I'm trying to detect mails weight >= 15 that did NOT fail "Sniffer".I have:Global.cfg:SNIFFER external nonzero "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 4 0
SNIFFER-SNAKE external 052 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 1 0
SNIFFER-SCAMS external 053 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-PORN external 054 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-MALWARE external 055 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0
SNIFFER-OBFUSC external 061 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0NOTSNIFFed filter D:\IMail\Declude\NOTSNIFFEDfilter.txt x 0 0In "NOTSNIFFEDfilter.txt"MINWEIGHT 15TESTSFAILED END CONTAINS SNIFFER
REMOTEIP 0 CONTAINS .Yet, the log doesn't show "NOTSNIFFed":05/31/2004 17:48:59 Qa83f230c00e4d595 SPAMCOP:7 XBL-DYNA:7 HELOBOGUS:3 REVDNS:5 SPAMROUTING:4 . Total weight = 26.
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=19 (26) and at least 1 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=14 (26) and at least 4 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=12 (26) and at least 6 recipients (7).
05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
05/31/2004 17:48:59 Qa83f230c00e4d595 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 61.73.93.27 ID:
05/31/2004 17:48:59 Qa83f230c00e4d595 Tests failed [weight=26]: BYPASS19=IGNORE BYPASS14=IGNORE BYPASS12=IGNORE SPAMCOP=WARN NJABLDYNA=LOG SORBS=WARN SORBS-DUHL=LOG XBL-DYNA=IGNORE HELOBOGUS=WARN IPNOTINMX=IGNORE REVDNS=ALERT SPAMROUTING=WARN NOLEGITCONTENT=IGNORE WEIGHTKILL=DELETE
05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED] [EMAIL PROTECTED]Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
