Thomas,

Sent to list and private with ZIP file.

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

On 7/21/2013 3:36 AM, Thomas Eckardt wrote:
I'm missing the attachment, Michael.

Thomas




From:    Michael Thomas <[email protected]>
To:      ASSP development mailing list <[email protected]>,
Date:    20.07.2013 17:08
Subject: Re: [Assp-test] Reply: Re:  Reply:  Javascript SRC URI





Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

On 7/20/2013 5:59 AM, Thomas Eckardt wrote:
I can send you the raw email as a zip file.

Yes, please!

Thomas




From:    Michael Thomas <[email protected]>
To:      ASSP development mailing list <[email protected]>,
Date:    20.07.2013 11:54
Subject: Re: [Assp-test] Reply:  Javascript SRC URI



Thomas,

I noticed it was missing from X-Assp-Detected-URI. I just pulled the log
entries, which match. Not detected in log either.

I can send you the raw email as a zip file.

X-Assp-Detected-URI: emailonline.chase.com(1), chase.com(2),
                   emerytelcom.net(1)

Here are the log entries for mine:

Find all "71345-07122", Subfolders, Find Results 1, "F:\LogNo\mx03",
"*.*"
     F:\LogNo\mx03\13-07-19.maillog.txt(687902):13-Jul-19 18:02:25
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> IP
67.22.175.244 matches noPBwhite - with 0.0.0.0/1
     F:\LogNo\mx03\13-07-19.maillog.txt(687905):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> [SMTP
Reply] 250 OK
     F:\LogNo\mx03\13-07-19.maillog.txt(687908):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]>
[email protected] validated by ldapcache
     F:\LogNo\mx03\13-07-19.maillog.txt(687909):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] recipient accepted: [email protected]
     F:\LogNo\mx03\13-07-19.maillog.txt(687910):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [SMTP Reply] 250 OK
     F:\LogNo\mx03\13-07-19.maillog.txt(687911):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [SMTP Reply] 354 OK, send.
     F:\LogNo\mx03\13-07-19.maillog.txt(687913):13-Jul-19 18:02:26
71345-07122 [Worker_1] [MsgID] 67.22.175.244
<[email protected]> to: [email protected] [scoring] (Message-ID
missing)
     F:\LogNo\mx03\13-07-19.maillog.txt(687914):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] Message-Score: added 10 (midmValencePB) for Message-ID
missing, total score for this message is now 10
     F:\LogNo\mx03\13-07-19.maillog.txt(687915):13-Jul-19 18:02:26
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] PB-IP-Score for '67.22.175.244' is 10, added 10 for
Msg-IDmissing
     F:\LogNo\mx03\13-07-19.maillog.txt(687916):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] DKIM domain-check skipped -
emailonline.chase.com does not support DKIM
     F:\LogNo\mx03\13-07-19.maillog.txt(687925):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: domain emailonline.chase.com has published a
DMARC record
     F:\LogNo\mx03\13-07-19.maillog.txt(687926):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] SPF: fail ip=67.22.175.244
[email protected] helo=magicmail.etv.net
     F:\LogNo\mx03\13-07-19.maillog.txt(687927):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] Message-Score: added 10 (spfValencePB) for SPF fail,
total score for this message is now 20
     F:\LogNo\mx03\13-07-19.maillog.txt(687928):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] PB-IP-Score for '67.22.175.244' is 20, added 10 for
SPFfail
     F:\LogNo\mx03\13-07-19.maillog.txt(687929):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] DMARC: this mail breakes the DKIM policies defined in
the DMARC record for domain emailonline.chase.com - there is no
DKIM-signature found in this mail for domain emailonline.chase.com
     F:\LogNo\mx03\13-07-19.maillog.txt(687930):13-Jul-19 18:02:27
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] SenderBase -- country:US orgname:EMERY TELCOM
domain:etv.net
     F:\LogNo\mx03\13-07-19.maillog.txt(687932):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] no Bomb found in header
     F:\LogNo\mx03\13-07-19.maillog.txt(687934):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] MX found: emailonline.chase.com ->
cluster14.us.messagelabs.com
     F:\LogNo\mx03\13-07-19.maillog.txt(687935):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] A record found: emailonline.chase.com -> 216.82.254.196
     F:\LogNo\mx03\13-07-19.maillog.txt(687936):13-Jul-19 18:02:28
71345-07122 [Worker_1] [PTRinvalid] 67.22.175.244
<[email protected]> to: [email protected]  found valid PTR
mail.etv.net
     F:\LogNo\mx03\13-07-19.maillog.txt(687937):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: attachment Chase Online Profile Verification
Form.htm found for Level-1
     F:\LogNo\mx03\13-07-19.maillog.txt(687938):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: 1 attachment found for Level-1
     F:\LogNo\mx03\13-07-19.maillog.txt(687939):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] no Bomb found for 'bombSuspiciousRe'
     F:\LogNo\mx03\13-07-19.maillog.txt(687940):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] no Bomb found for 'bombDataRe'
     F:\LogNo\mx03\13-07-19.maillog.txt(687941):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] no Bomb found for 'bombRe'
     F:\LogNo\mx03\13-07-19.maillog.txt(687942):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [scoring] no Bomb found for 'bombCharSets'
     F:\LogNo\mx03\13-07-19.maillog.txt(687943):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected]  no Bomb found for 'bombBlack'
     F:\LogNo\mx03\13-07-19.maillog.txt(687944):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] ClamAV: scanned 29512 bytes in  message - OK
     F:\LogNo\mx03\13-07-19.maillog.txt(687946):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found URI chase.com
     F:\LogNo\mx03\13-07-19.maillog.txt(687948):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found URI emailonline.chase.com
     F:\LogNo\mx03\13-07-19.maillog.txt(687949):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: registered URI chase.com for check
     F:\LogNo\mx03\13-07-19.maillog.txt(687950):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: registered URI emailonline.chase.com for check
     F:\LogNo\mx03\13-07-19.maillog.txt(687951):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found raw URI/URL @emailonline.chase.com>
     F:\LogNo\mx03\13-07-19.maillog.txt(687954):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found URI emailonline.chase.com
     F:\LogNo\mx03\13-07-19.maillog.txt(687955):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: registered TLD URI chase.com for check
     F:\LogNo\mx03\13-07-19.maillog.txt(687956):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found raw URI/URL @emerytelcom.net
     F:\LogNo\mx03\13-07-19.maillog.txt(687959):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: found URI emerytelcom.net
     F:\LogNo\mx03\13-07-19.maillog.txt(687960):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: registered TLD URI emerytelcom.net for check
     F:\LogNo\mx03\13-07-19.maillog.txt(687971):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] URIBL: lookup returned <1> for chase.com - res: ''
     F:\LogNo\mx03\13-07-19.maillog.txt(687982):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] URIBL: lookup returned <1> for emailonline.chase.com -
res: ''
     F:\LogNo\mx03\13-07-19.maillog.txt(687993):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] URIBL: lookup returned <1> for emerytelcom.net - res:
''
     F:\LogNo\mx03\13-07-19.maillog.txt(687994):13-Jul-19 18:02:28
71345-07122 [Worker_1] [MessageLimit][lowlimit] 67.22.175.244
<[email protected]> to: [email protected] [spam found] and
possibly passing because messagescore(20) low [Urgent Verification of
Recent Activities Required]
     F:\LogNo\mx03\13-07-19.maillog.txt(687995):13-Jul-19 18:02:28
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] spam found and passing () [Urgent Verification of
Recent Activities Required]
     F:\LogNo\mx03\13-07-19.maillog.txt(687996):13-Jul-19 18:02:29
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] [SMTP Reply] 250 Queued (2.344 seconds)
     F:\LogNo\mx03\13-07-19.maillog.txt(687997):13-Jul-19 18:02:29
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] info: no (more) data readable from 67.22.175.244
(connection closed by peer) - last command was 'QUIT'
     F:\LogNo\mx03\13-07-19.maillog.txt(687998):13-Jul-19 18:02:29
71345-07122 [Worker_1] 67.22.175.244 <[email protected]> to:
[email protected] finished message - received DATA size: 29.67 kByte -
sent DATA size: 29.67 kByte
     Matching lines: 46    Matching files: 1    Total files searched: 3


Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

On 7/20/2013 5:11 AM, Thomas Eckardt wrote:
I can't reproduce this - the URI is detected in an HTML header, but it is
not detected by the URIBL providers.
I've included the URI this way:

<HTML><HEAD>
<script type=3D"text/javascript" src=3D"
http://kanaatbiber.com.tr/images/cr=
editcard.js"></script>
</HEAD>

Jul-20-13 10:56:22 [Worker_1] Info: found raw URI/URL kanaatbiber.com.tr/
Jul-20-13 10:56:22 [Worker_1] LDAP - @com.tr not found in LDAP-cache (ldaplistdb)
Jul-20-13 10:56:22 [Worker_1] LDAP - @kanaatbiber.com.tr not found in LDAP-cache (ldaplistdb)
Jul-20-13 10:56:22 [Worker_1] Info: found URI kanaatbiber.com.tr
Jul-20-13 10:56:22 [Worker_1] Info: registered TLD(2/3) URI kanaatbiber.com.tr for check
.....
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 192.168.2.1[:53] on multi.surbl.org for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 194.25.2.129[:53] on multi.surbl.org for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 10.69.5.50[:53] on black.uribl.com for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 192.168.2.1[:53] on black.uribl.com for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 194.25.2.129[:53] on multi.uribl.com for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 10.69.5.50[:53] on multi.uribl.com for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 192.168.2.1[:53] on uribl.swinog.ch for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 194.25.2.129[:53] on uribl.swinog.ch for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 10.69.5.50[:53] on sbl.spamhaus.org for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 192.168.2.1[:53] on sbl.spamhaus.org for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 194.25.2.129[:53] on uribl.spameatingmonkey.net for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 10.69.5.50[:53] on uribl.spameatingmonkey.net for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(A)-query to 192.168.2.1[:53] on dob.sibl.support-intelligence.net for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Sending DNS(TXT)-query to 194.25.2.129[:53] on dob.sibl.support-intelligence.net for URIBL checks on kanaatbiber.com.tr
Jul-20-13 10:56:23 [Worker_1] Commencing URIBL checks on 'kanaatbiber.com.tr'
Jul-20-13 10:56:23 [Worker_1] Got 4 answers, 4 replies and 0 hits after 0 seconds for URIBL checks on 'kanaatbiber.com.tr'
Jul-20-13 10:56:23 [Worker_1] Got OK replies from (black.uribl.com multi.uribl.com uribl.swinog.ch) - NOTOK replies from () for URIBL on 'kanaatbiber.com.tr'
Jul-20-13 10:56:23 [Worker_1] Completed URIBL checks on 'kanaatbiber.com.tr'
Jul-20-13 10:56:23 [Worker_1] URIBL: lookup returned <1> for kanaatbiber.com.tr - res: ''

Thomas




From:    Michael Thomas <[email protected]>
To:      ASSP development mailing list <[email protected]>,
Date:    20.07.2013 06:03
Subject: [Assp-test] Javascript SRC URI



Thomas,

ASSP version 2.3.4(13187)

Failed to detect URI in head section of HTML section. This message was a
bank scam. The only external URIs in the body of the message were image
src URIs of actual bank image URIs. The active scam URIs were all
JavaScript invocations.

<script type=3D"text/javascript" src=3D"
http://kanaatbiber.com.tr/images/cr=
editcard.js"></script>










_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test








DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
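
The report in this thread concerns a <script src> URI inside quoted-printable HTML, where a soft line break ("cr=" / "editcard.js") splits the URL. As an added example (not code from the thread or from ASSP), the Python below decodes every text/html MIME part, attachments included, before extracting URIs, and contrasts that with a scan of the undecoded source. The sample message, images.bank.example and all function names are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the mail from the thread. Only the <script src>
# lines are the snippet quoted in the thread; every other value is made up.
SAMPLE = "\n".join([
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    'Content-Type: text/html; charset=us-ascii; name="form.htm"',
    "Content-Transfer-Encoding: quoted-printable",
    'Content-Disposition: attachment; filename="form.htm"',
    "",
    "<HTML><HEAD>",
    '<script type=3D"text/javascript" src=3D"',
    "http://kanaatbiber.com.tr/images/cr=",
    'editcard.js"></script>',
    '</HEAD><BODY><img src=3D"http://images.bank.example/logo.gif"></BODY></HTML>',
    "--b1--",
])

class UriCollector(HTMLParser):
    """Collect (tag, url) from URL-bearing attributes anywhere, <head> included."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "action") and value:
                # Drop line breaks inside the value, as a browser would.
                self.found.append((tag, "".join(value.split())))

def decoded_uris(raw):
    """Decode each text/html part (attachments too), then extract URIs."""
    out = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            collector = UriCollector()
            collector.feed(part.get_content())  # undoes quoted-printable
            collector.close()
            out += [(t, u, urlsplit(u).hostname) for t, u in collector.found]
    return out

def raw_uris(raw):
    """URLs visible in the undecoded source: cut short at the soft break."""
    return re.findall(r"https?://[^\s\"'<>]+", raw)
```

On the sample, decoded_uris() returns the script URL whole together with its host, while raw_uris() sees that URL only as far as "cr=". Keeping the tag alongside each URI lets a filter treat hosts that serve script differently from hosts that only serve images.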




