> got an email with bad 8 bit (spam)
>
> spammers uses decimal 240 in place of space in subject line.
>
> clamav sees spam: (sane security) but sa doesnt' (I don't think amavisd
> passed it to spamassassin)
>
> X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char A0 hex):
> Subject: Her\240night\240moans\240gua[...]
> X-Spam-Flag: NO
> X-Spam-Score: 0
> X-Spam-Level:
> X-Spam-Status: No, score=0 tagged_above=-999 required=5
> tests=[AV:Sanesecurity.Junk.15877.UNOFFICIAL=0] autolearn=unavailable
Second issue: it didn't quarantine it as a bad header either.
In amavisd.conf, have:
$bad_header_quarantine_method='sql:';
$spam_quarantine_method='sql:';
(and I know spam quarantine works)
In sql policy, have:
virus_quarantine_to: NULL
spam_quarantine_to: NULL
banned_quarantine_to: NULL
bad_header_quarantine_to: NULL
clean_quarantine_to: sql:
(and I know clean quarantine works.. In fact, that bad header one got
'clean' quarantined)
Using sql policy,
>
--
Michael Scheidell, CTO
>|SECNAP Network Security
Finalist 2009 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
