[Mimedefang] Missed Spam
Nels Lindquist
nlindq at maei.ca
Fri Aug 15 01:46:01 EDT 2003
On 14 Aug 2003 at 12:23, Will McCorkle wrote:
> I have received another of the same type of Spam and SA did not even see it.
> That seems to be the problem. If you notice in the last email, the Spam was
> not even tested. Any clues why? Dave was kind enough to respond with a body
> test, but the test did not catch the Spam even though it looks the same. It
> may be in the header or how I have SA configured. Any suggestions.
You haven't mentioned which version of SpamAssassin you're using.
Versions prior to 2.5x didn't properly decode Base64-encoded text
prior to running body tests, so that might explain why a new body
test doesn't trigger.
Here are my results from testing your sample spam: (note the
BAYES_90):
Content analysis details: (10.80 points, 5 required)
HTML_FONT_BIG (0.2 points) BODY: FONT Size +2 and up or 3 and
up
HTML_FONT_COLOR_RED (0.1 points) BODY: HTML font color is red
BODY_8BITS (1.5 points) BODY: Body includes 8 consecutive 8-
bit characters
HTML_WITH_BGCOLOR (0.1 points) BODY: HTML mail with non-white
background
BAYES_90 (4.1 points) BODY: Bayesian classifier says spam
probability is 90 to 99%
[score: 0.9653]
HTML_50_60 (0.1 points) BODY: Message is 50% to 60% HTML
MIME_MISSING_BOUNDARY (1.3 points) RAW: MIME section missing
boundary
BASE64_ENC_TEXT (1.8 points) RAW: Message text disguised using
base-64 encoding
NORMAL_HTTP_TO_IP (0.7 points) URI: Uses a dotted-decimal IP
address in URL
MSG_ID_ADDED_BY_MTA_2 (0.8 points) 'Message-Id' was added by a relay
(2)
MIME_HTML_ONLY (0.1 points) Message only has text/html MIME
parts
----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
More information about the MIMEDefang
mailing list