So the only thing which is actually working to catch these is bayes and
bayes-based systems. Not rules, and not AV.
Martin.Hepworth wrote:
Ecard spams get scored as follows.
5.40 BAYES_99 Bayesian spam probability is 99 to 100%
4.00 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.77 DIGEST_MULTIPLE Message hits more than one network digest check
0.90 HOST_EQ_RO
4.00 NORMAL_HTTP_TO_IP Uses a dotted-decimal IP address in URL
0.96 NO_REAL_NAME From: does not include a real name
0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
1.50 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
Similar for postcard.exe's (which also trigger my AV).
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-----Original Message-----
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: 15 August 2007 23:46
To: Arthur Dent
Cc: users@spamassassin.apache.org
Subject: Re: Rule for PDF and eCard Spam Needed
On Aug 15, 2007, at 12:47 AM, Arthur Dent wrote:
I am only a home user, but I have found that bog-standard clamAV
(updated with freshclam) has caught all but one of the greeting
card scams:
I'm using stock clamav with freshclam, and getting 10-12 an hour in
each maibox. So no, stock clamav does not catch these.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
--
Jo Rhett
Net Consonance ... net philanthropy, open source and other randomness