On Thu, 26 May 2016, Reindl Harald wrote:
> On 26.05.2016 at 20:50, RW wrote:
>> I noticed that Bayes is picking-up on very strong tokens from "eval" and
>> "code" in headers like this:
>>
>> X-PHP-Originating-Script: 1013:global.php(1938) : eval()'d code
>>
>> The "eval()'d code" part is in just over 2% of my spam, but it's
>> never occurred in a single ham in my corpus.
>>
>> The spams seem to be coming from exploited web-servers, and I'm
>> wondering if it might be a symptom of the exploit.
>
> looks like it's worth a rule to add points
I've asked for samples and will add a rule based on that.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Individual liberties are always "loopholes" to absolute authority.
-----------------------------------------------------------------------
4 days until Memorial Day - honor those who sacrificed for our liberty
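
The header discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from SpamAssassin: it parses `X-PHP-Originating-Script` and flags messages whose originating script is reported as `eval()'d code`. The `uid:script(line) : eval()'d code` layout is inferred from the single sample quoted above; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

HEADER = "X-PHP-Originating-Script"
# Layout assumed from the sample in the thread: "<uid>:<script>", with
# "(<line>) : eval()'d code" appended when the script is eval()'d code.
ORIGIN = re.compile(
    r"^\s*(?P<uid>\d+):(?P<script>.+?)"
    r"(?:\((?P<line>\d+)\)\s*:\s*eval\(\)'d code)?\s*$"
)

def php_origins(raw_message):
    """Return one dict per X-PHP-Originating-Script header in the message."""
    msg = message_from_string(raw_message)
    results = []
    for value in msg.get_all(HEADER, []):
        value = str(value)
        m = ORIGIN.match(value)
        if m is None:
            # Unparseable value: fall back to a plain substring check.
            results.append({"raw": value, "evald": "eval()'d code" in value})
            continue
        results.append({
            "raw": value,
            "uid": int(m.group("uid")),
            "script": m.group("script"),
            "line": int(m.group("line")) if m.group("line") else None,
            "evald": m.group("line") is not None,
        })
    return results

def sent_from_eval(raw_message):
    """True if any originating-script header reports eval()'d code."""
    return any(o["evald"] for o in php_origins(raw_message))

# Constructed sample messages (not taken from any real corpus).
SAMPLES = {
    "evald": "From: a@example.com\nSubject: offer\n"
             "X-PHP-Originating-Script: 1013:global.php(1938) : eval()'d code\n"
             "\nbody\n",
    "plain": "From: shop@example.com\nSubject: order\n"
             "X-PHP-Originating-Script: 33:contact.php\n\nbody\n",
    "none": "From: b@example.com\nSubject: hi\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sent_from_eval(raw), php_origins(raw))
```

Run over a labelled spam/ham corpus, the per-message result gives the same kind of hit-rate comparison RW describes, and the parsed `script` and `line` fields point a server administrator at the file to inspect.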