On 20.05.2016 at 08:31, Emin Akbulut wrote:
I tried to train SA with tons of spam messages which contain a zip file (includes .js). The max spam score was less than 5, so I set 4 to delete messages. Then the same kind of spam messages appear with a score of less than 2. In short, training the SA seems not helpful. What do you suggest to fight these spams? Raw message: http://pastebin.com/gPREh54L
just get a proper clamav setup
the real good question is why the hell that message does not get bayes classified at all here when piping your download through spamc/spamd while other messages are
also a good question is why your headers don't contain a single DNSBL and if that happens all the time - without blacklists you have no good chances for proper reject (for the trolls - YES a FULL SETUP rejects) many junk
X-Spam-Status: No, score=1.6 required=4.0 tests=BAYES_50,RDNS_NONE autolearn=no autolearn_force=no version=3.4.1
_________________________________
/var/www/uploadtemp/5633d7b4bafd01d72635e8496c9a781a4efa94d8.eml: Sanesecurity.Foxhole.Zip_fs223.UNOFFICIAL FOUND
/var/www/uploadtemp/5633d7b4bafd01d72635e8496c9a781a4efa94d8.eml: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND

----------- VIRUS-SCAN SUMMARY -----------
Infected files: 1
Time: 0.005 sec (0 m 0 s)

Content analysis details: (37.6 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.5 CUST_DNSBL_10_SORBS_WEB RBL: dnsbl.sorbs.net (web.dnsbl.sorbs.net)
                            [213.252.170.66 listed in dnsbl.sorbs.net]
 0.5 CUST_DNSBL_33_SORBS_VIRUS RBL: dnsbl.sorbs.net (virus.dnsbl.sorbs.net)
 1.5 CUST_DNSBL_20_SORBS_SPAM RBL: dnsbl.sorbs.net (spam.dnsbl.sorbs.net)
 0.1 CUST_DNSBL_34_BACKSCATTER RBL: dnsbl-backscatterer.thelounge.net (ips.backscatterer.org)
                            [213.252.170.66 listed in dnsbl-backscatterer.thelounge.net]
 3.5 CUST_DNSBL_11_JEF_BLACK RBL: hostkarma.junkemailfilter.com
                            [213.252.170.66 listed in hostkarma.junkemailfilter.com]
 1.0 CUST_DNSBL_24_UCE1     RBL: dnsbl-uce.thelounge.net (dnsbl-1.uceprotect.net)
                            [213.252.170.66 listed in dnsbl-uce.thelounge.net]
 2.5 CUST_DNSBL_16_PSBL     RBL: dnsbl-surriel.thelounge.net (psbl.surriel.com)
                            [213.252.170.66 listed in dnsbl-surriel.thelounge.net]
 2.5 CUST_DNSBL_12_SPAMCOP  RBL: bl.spamcop.net
                            [213.252.170.66 listed in bl.spamcop.net]
 3.0 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
                            [213.252.170.66 listed in bl.mailspike.net]
 5.5 CUST_DNSBL_6_ZEN_XBL   RBL: zen.spamhaus.org (xbl.spamhaus.org)
                            [213.252.170.66 listed in zen.spamhaus.org]
 1.5 CUST_DNSBL_19_SENDERSC_HIGH RBL: score.senderscore.com (senderscore.com High)
                            [213.252.170.66 listed in score.senderscore.com]
 1.0 CUST_DNSBL_30_SENDERSC_MED RBL: score.senderscore.com (senderscore.com Medium)
 5.0 CUST_DNSBL_7_CUDA      RBL: b.barracudacentral.org
                            [213.252.170.66 listed in b.barracudacentral.org]
 2.5 CUST_DNSBL_13_SEM      RBL: bl.spameatingmonkey.net
                            [213.252.170.66 listed in bl.spameatingmonkey.net]
 2.5 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
 0.5 HELO_MISC_IP           Looking for more Dynamic IP Relays
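Added example, not part of the original message: a small Python parser for the "Content analysis details" report above that splits the score into DNSBL ("RBL:") hits and everything else, so the share contributed by blacklists is visible. The report text is a constructed sample that reuses the rule names and scores quoted in the reply, and the function name summarize is an assumption.

```python
import re

# Constructed sample in SpamAssassin's report layout, using the rule names
# and scores quoted in the reply above (descriptions shortened).
REPORT = """\
Content analysis details: (37.6 points, 5.5 required)
 pts rule name              description
---- ---------------------- ------------------------------
 4.5 CUST_DNSBL_10_SORBS_WEB RBL: dnsbl.sorbs.net
                            [213.252.170.66 listed in dnsbl.sorbs.net]
 0.5 CUST_DNSBL_33_SORBS_VIRUS RBL: dnsbl.sorbs.net
 1.5 CUST_DNSBL_20_SORBS_SPAM RBL: dnsbl.sorbs.net
 0.1 CUST_DNSBL_34_BACKSCATTER RBL: dnsbl-backscatterer.thelounge.net
 3.5 CUST_DNSBL_11_JEF_BLACK RBL: hostkarma.junkemailfilter.com
 1.0 CUST_DNSBL_24_UCE1     RBL: dnsbl-uce.thelounge.net
 2.5 CUST_DNSBL_16_PSBL     RBL: dnsbl-surriel.thelounge.net
 2.5 CUST_DNSBL_12_SPAMCOP  RBL: bl.spamcop.net
 3.0 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
 5.5 CUST_DNSBL_6_ZEN_XBL   RBL: zen.spamhaus.org
 1.5 CUST_DNSBL_19_SENDERSC_HIGH RBL: score.senderscore.com
 1.0 CUST_DNSBL_30_SENDERSC_MED RBL: score.senderscore.com
 5.0 CUST_DNSBL_7_CUDA      RBL: b.barracudacentral.org
 2.5 CUST_DNSBL_13_SEM      RBL: bl.spameatingmonkey.net
 2.5 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
 0.5 HELO_MISC_IP           Looking for more Dynamic IP Relays
"""

HEADER = re.compile(r"\(([-\d.]+) points, ([-\d.]+) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+(\S+)\s+(.*)$")

def summarize(report):
    """Split a report's score into DNSBL ("RBL:") hits and all other rules."""
    total, required = map(float, HEADER.search(report).groups())
    rbl = other = 0.0
    for line in report.splitlines():
        m = RULE.match(line)
        if not m:  # header, separator or wrapped description line
            continue
        pts, desc = float(m.group(1)), m.group(3)
        if desc.startswith("RBL:"):
            rbl += pts
        else:
            other += pts
    return {"rbl": round(rbl, 1), "other": round(other, 1),
            "sum_matches": round(rbl + other, 1) == total,
            "spam_without_rbl": other >= required}

if __name__ == "__main__":
    print(summarize(REPORT))
```

On this sample the non-DNSBL rules stay below the required 5.5 points, while the DNSBL hits alone push the message far past it.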