nice  .-)

I added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as I'm still using 
SA_3.17... so maybe those rules are only embedded into the 3.2x'er SA.

But please tell me: how may CLAMAV score with 10 points?
Where is the "virus"???

Ove




> -----Original Message-----
> From: Chris [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, July 2, 2008 13:29
> To: users@spamassassin.apache.org
> Subject: Re: i'm unable to catch these
> 
> 
> On Wednesday 02 July 2008 4:08 am, Starckjohann, Ove wrote:
> > Hello!
> >
> > During the last days I do get the following mails and I'm unable to 
> > catch/score them....
> >
> > http://www.norddeutsche.de/temp/20080630185844296.eml.txt
> > http://www.norddeutsche.de/temp/20080701190353407.eml.txt
> >
> > Any tips/hints how to score them?
> >
> >
> > Ove Starckjohann
> 
> The first one scores like this here:
> 
> Content analysis details:   (20.5 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.0 FREEMAIL_FROM          From-address is freemail domain
>  0.0 DK_POLICY_TESTING      Domain Keys: policy says domain is testing DK
>  0.0 DK_SIGNED              Domain Keys: message has a signature
>  2.7 GEO_QUERY_STRING       URI: GEO_QUERY_STRING
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.4971]
>  2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>                             [cpollock 102; Body=1 Fuz1=1 Fuz2=many]
>   10 CLAMAV                 Clam AntiVirus detected a virus
>  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
>  2.5 L_UNVERIFIED_YAHOO     L_UNVERIFIED_YAHOO
>  1.0 SAGREY                 Adds 1.0 to spam from first-time senders
> 
> X-Spam-Virus: Yes (Email.Porn.Gen036.Sanesecurity.08070200)
> 
> 2nd scored the same
> 
> -- 
> Chris
> KeyID 0xE372A7DA98E6705C
> 
