> Get Tim Jackson's bogus virus bounce ruleset.

I've just added that ruleset but it didn't help as far as I can see. I have two custom rules which hit the text in the email, and SPF also caught it, but I was wondering what test could check for UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA== in a MIME part.

Here is the full email:

Received: from [127.0.0.1] by arkbb.co.uk with SMTP (HELO server.)
    (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.7.9));
    Sun, 5 Jun 2005 20:01:25 +0100
Received: from a.mx.bluesine.com ([66.18.211.109]) by server.
    (NAVGW 2.5.2.12) with SMTP id M2005060520012009891
    for <[EMAIL PROTECTED]>; Sun, 05 Jun 2005 20:01:20 +0100
Received: (qmail 31692 invoked from network); 5 Jun 2005 18:56:46 -0000
Received: from r2.soplicowo.net (HELO arkbb.co.uk) (195.205.119.242)
    by a.mx.bluesine.com with SMTP; 5 Jun 2005 18:56:46 -0000
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: *DETECTED* Online User Violation
Date: Sun, 5 Jun 2005 20:57:16 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0014_1ED76C19.07657A59"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <[EMAIL PROTECTED]>
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on server
X-Spam-Level: ********
X-Spam-Hammy: 0.006-892--2043h-32s--0d--H*F:D*arkbb.co.uk,
    0.009-41--94h-2s--0d--H*p:D*arkbb.co.uk
X-Spam-Status: Yes, score=8.3 required=2.4 bayes=0.5004 tests=BAYES_50,
    MISSING_MIMEOLE,NO_REAL_NAME,POLICY_VIOLATION,PRIORITY_NO_NAME,
    SECONDARYMX,SPF_HELO_SOFTFAIL,SUSPENDED_ACCOUNT autolearn=disabled
    version=3.0.3
X-Spam-Spammy: 0.999-5--0h-55s--0d--H*RT:sk:a.mx.bl,
    0.999-5--0h-55s--0d--H*RT:66.18.211.109
X-Spam-Report:
    * 1.0 SECONDARYMX SECONDARYMX
    * 0.0 NO_REAL_NAME From: does not include a real name
    * 3.1 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
    * [SPF failed: Please see http://spf.pobox.com/why.html?sender=arkbb.co.uk&ip=195.205.119.242&receiver
    =server]
    * 1.5 SUSPENDED_ACCOUNT BODY: SUSPENDED_ACCOUNT
    * 1.5 POLICY_VIOLATION BODY: POLICY_VIOLATION
    * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
    * [score: 0.5004]
    * 1.1 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent
    * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE

This is a multi-part message in MIME format.

------=_NextPart_000_0014_1ED76C19.07657A59
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

------=_NextPart_000_0014_1ED76C19.07657A59
Content-Type: application/octet-stream; name="instructions.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="instructions.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==

------=_NextPart_000_0014_1ED76C19.07657A59--
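
Added example, not part of the original post and not SpamAssassin code: the base64 string in the attachment decodes to a 22-byte ZIP end-of-central-directory record with zero entries, so one possible test is to decode each MIME part and flag archives that declare no files. The function names and the trimmed sample message are assumptions made for illustration.

```python
import email
import struct
from email import policy

# Constructed sample: the MIME structure of the message above, headers and body text trimmed.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0014_1ED76C19.07657A59"

------=_NextPart_000_0014_1ED76C19.07657A59
Content-Type: text/plain; charset="Windows-1252"

(body text trimmed)
------=_NextPart_000_0014_1ED76C19.07657A59
Content-Type: application/octet-stream; name="instructions.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="instructions.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
------=_NextPart_000_0014_1ED76C19.07657A59--
"""

EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature
EOCD_LEN = 22             # fixed-size part of that record


def is_empty_zip(data):
    """True when data ends in a ZIP end record that declares zero entries."""
    pos = data.rfind(EOCD_SIG)  # rfind: a trailing archive comment may follow the record
    if pos < 0 or len(data) - pos < EOCD_LEN:
        return False
    # Fields: signature, disk no., central-dir disk, entries on disk,
    # total entries, central-dir size, central-dir offset, comment length.
    fields = struct.unpack("<4sHHHHIIH", data[pos:pos + EOCD_LEN])
    total_entries, cd_size = fields[4], fields[5]
    return total_entries == 0 and cd_size == 0


def empty_zip_attachments(raw):
    """Return the filenames of MIME parts whose decoded payload is an empty ZIP."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if is_empty_zip(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits
```

Checking the decoded structure rather than the literal base64 text also catches the same stub when it is re-wrapped or encoded with a different transfer encoding.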