MJ,

> Some messages, especially from hotmail.com, are getting very
> high scores, especially RATWARE_ZERO_TZ. Can someone tell me
> what RATWARE_ZERO_TZ is?

grep the SA rules for RATWARE_ZERO_TZ:

20_ratware.cf:

# This ratware always uses a +0000 TZ in the Date header, and has a multiplicity
# of From: header formats. ("From" header samples from Steven Champeon
# <schampeo.hesketh.com> via the spamtools.lists.abuse.net and SPAM-L lists).
...
header __RATWARE_0_TZ_DATE      Date =~ / \+0000$/

meta RATWARE_ZERO_TZ            (__RATWARE_0_TZ_DATE && __CTYPE_HTML &&
   (__0_TZ_1 || __0_TZ_2 || __0_TZ_3 || __0_TZ_4 ||
   __0_TZ_5 || __0_TZ_6 || __0_TZ_7))
describe RATWARE_ZERO_TZ        Bulk email fingerprint (+0000) found


> and do I need to reduce the score for this?

If you want.

  Mark
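
The quoted rule can be tried against sample headers to see which part of it a message trips. This is an added example, not part of the original message and not SpamAssassin code. The `text/html` pattern standing in for `__CTYPE_HTML` and the `from_format_hit` flag standing in for the elided `__0_TZ_1` .. `__0_TZ_7` sub-rules are assumptions, and all messages are constructed samples.

```python
import re
from email import message_from_string

# Pattern copied from the __RATWARE_0_TZ_DATE sub-rule quoted in the message.
ZERO_TZ_DATE = re.compile(r" \+0000$")
# Assumption: stand-in for __CTYPE_HTML, whose definition is not quoted.
CTYPE_HTML = re.compile(r"text/html", re.IGNORECASE)


def sub_rules(raw):
    """Evaluate the two sub-rules of RATWARE_ZERO_TZ that can be checked here."""
    msg = message_from_string(raw)
    return {
        "zero_tz_date": bool(ZERO_TZ_DATE.search(msg.get("Date", ""))),
        "ctype_html": bool(CTYPE_HTML.search(msg.get("Content-Type", ""))),
    }


def meta_fires(raw, from_format_hit):
    """Mirror the meta expression; from_format_hit stands for
    (__0_TZ_1 || ... || __0_TZ_7), which is elided in the quoted rule file."""
    hits = sub_rules(raw)
    return hits["zero_tz_date"] and hits["ctype_html"] and from_format_hit


def build(date, ctype):
    # Constructed sample message, not taken from real mail.
    return (f"From: Example Sender <sender@example.com>\n"
            f"Date: {date}\nContent-Type: {ctype}\n"
            f"Subject: constructed sample\n\nbody\n")


SAMPLES = {
    "utc_html": build("Tue, 14 Mar 2006 09:12:44 +0000", "text/html; charset=utf-8"),
    "utc_comment": build("Tue, 14 Mar 2006 09:12:44 +0000 (UTC)", "text/html"),
    "local_tz": build("Tue, 14 Mar 2006 04:12:44 -0500", "text/html"),
    "utc_plain": build("Tue, 14 Mar 2006 09:12:44 +0000", "text/plain"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sub_rules(raw), "meta:", meta_fires(raw, from_format_hit=True))
```

The `$` anchor means a Date value with a trailing comment such as `(UTC)` does not match, and the meta rule stays silent unless the Date, HTML and From-format conditions all hold together.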


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
