any of your settings or a bug prevents ASSP_AFC from scanning the mail

>ClamAV: scanned 2805 bytes in file messages/okmail/Spam_Subject--3092281.txt

This is a security (post)scan forced by 'ClamAVLogScan'. Stored files are scanned, if not already done while processing the mail.

notice: a security BUG was fixed in ASSP_AFC 4.88 and 4.89 ---- some MIME types were not correctly detected while processing the mail, but if files were scanned - seems you use an outdated ASSP_AFC

Thomas

From: "K Post" <nntp.p...@gmail.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 09.01.2019 16:45
Subject: [Assp-test] ClamAV catching spam, but still delivered

Hi Thomas,

Back in July 2018, I started a thread where ClamAV was catching spam, but only AFTER delivery. You suggested that the ASSP_AFC plugin wasn't scanning the MIME headers and then fixed that in AFC 4.83.

I just received a report of spam that still came through, despite ClamAV catching it. In reviewing the log, I see a low scoring message being delivered and then 1 second later ClamAV via AFC showing a hit. It's a normal sounding email, so I understand why Bayesian / HMM wouldn't catch it. I'm glad that ClamAV did, but it's pointless if the scan is after the delivery, right?

The last time I brought this up, you initially said that I have a setting that prevents ClamAV from running until after delivery. Can you tell me what that setting is?

Thanks

log:

Jan-08-19 03:02:54 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org [scoring] DKIM domain-check skipped - spam.xx does not support DKIM
Jan-08-19 03:02:54 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org [scoring] SPF: softfail ip=37.xx.xx.xx.xx mailfrom=thespam...@spam.xx helo=randomhost.com
Jan-08-19 03:02:54 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org Message-Score: added 5 (spfsValencePB) for SPF softfail, total score for this message is now 5
Jan-08-19 03:02:54 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org checking MX/A for spam.xx , otherspam.xx
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org spam.xx - MX 'mx1.compromised.net' - got IP (18.xx.xx.xx)
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org otherspam.xx - MX 'mx2.mail.otherspam.xx' - got IP (14.xx.xx.xx)
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org MX found: spam.xx (Mail From: , From) -> mx1.compromised.net
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org A record found for MX: spam.xx (Mail From: , From) -> 18.xx.xx.xx
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org MX found: otherspam.xx (Reply-To) -> mx2.mail.otherspam.xx
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org A record found for MX: otherspam.xx (Reply-To) -> 14.xx.xx.xx
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org [scoring] found valid PTR hosted-by-xx.com
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org HMM-Check has given less than 6 results - using monitoring mode only
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org HMM Check [monitoring] - Prob: 1.00000 - Confidence: 0.00028 => doubtful.spam - answer/query relation: 0% of 137
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org Bayesian Check [scoring] - Prob: 1.00000 - Confidence: 0.00000 => doubtful.spam - answer/query relation: 100% of 138
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org Message-Score: added 25 for Bayesian Probability: 1.00000, total score for this message is now 30

WE'RE AT 30

Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org [Plugin] calling plugin ASSP_AFC

AFC CALLED

Jan-08-19 03:02:55 17771-28711 [MessageOK] 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org message ok [ Subject] -> messages/okmail/Spam_Subject--3092281.txt
Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org info: PB-IP-Score for '37.xx.xx.xx.xx' is 5, added 5 in this session
Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org finished message - received DATA size: 1.87 kByte - sent DATA size: 2.97 kByte
Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org disconnected: session:11EAAF22 37.xx.xx.xx.xx - processing time 5 seconds

DELIVERED

Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org ClamAV: scanned 2805 bytes in file messages/okmail/Spam_Subject--3092281.txt - FOUND winnow.spam.ts.xmailer.2.UNOFFICIAL

Spam (Virus) found 1 second after AFC called

Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org deleting spamming safelisted tuplet: (37.48.120.0,spam.xx) age: 3s
Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org Message-Score: added 50 (vdValencePB) for virus detected: 'winnow.spam.ts.xmailer.2.UNOFFICIAL', total score for this message is now 80

ADDED 50, but only after delivery

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************
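
The pattern reported in this thread, a ClamAV FOUND line logged after the [MessageOK] line of the same session, can be searched for across a whole log. The Python below is an added example, not part of the original thread and not ASSP code; it assumes the line layout quoted above (date, time, session id, rest of line), and the second sample session is constructed.

```python
import re
from datetime import datetime

# Constructed sample in the log format quoted in the thread. Session 17771-28711
# reuses three of the poster's lines; session 20001-00002 (address, path and
# signature name) is invented to show a hit that is NOT preceded by [MessageOK].
SAMPLE_LOG = """\
Jan-08-19 03:02:55 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org [Plugin] calling plugin ASSP_AFC
Jan-08-19 03:02:55 17771-28711 [MessageOK] 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org message ok [ Subject] -> messages/okmail/Spam_Subject--3092281.txt
Jan-08-19 03:02:56 17771-28711 37.xx.xx.xx.xx <thespam...@spam.xx> to: our.u...@ourcharity.org ClamAV: scanned 2805 bytes in file messages/okmail/Spam_Subject--3092281.txt - FOUND winnow.spam.ts.xmailer.2.UNOFFICIAL
Jan-08-19 03:05:10 20001-00002 192.0.2.10 <sender@example.net> to: user@example.org ClamAV: scanned 4100 bytes in file messages/example/Constructed--1.txt - FOUND Constructed.Example.Signature
"""

LINE_RE = re.compile(r"^(\w{3}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+-\d+) (.*)$")
FOUND_RE = re.compile(r"ClamAV: scanned \d+ bytes in file (\S+) - FOUND (\S+)")


def late_clamav_hits(log_text):
    """Return sessions whose ClamAV hit is logged after the message was accepted."""
    accepted = {}  # session id -> timestamp of its first [MessageOK] line
    late = []
    # Timestamps only have one-second resolution, so line order decides
    # "before" vs "after"; the timestamps are used to report the delay.
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, wrapped lines, other formats
        stamp = datetime.strptime(m.group(1), "%b-%d-%y %H:%M:%S")
        session, rest = m.group(2), m.group(3)
        if "[MessageOK]" in rest:
            accepted.setdefault(session, stamp)
            continue
        hit = FOUND_RE.search(rest)
        if hit and session in accepted:
            late.append({
                "session": session,
                "file": hit.group(1),
                "signature": hit.group(2),
                "seconds_after_ok": int((stamp - accepted[session]).total_seconds()),
            })
    return late


if __name__ == "__main__":
    for row in late_clamav_hits(SAMPLE_LOG):
        print(row)
```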