On Mon, 14 Jun 2010 17:03:13 +0300
Jari Juslin <z...@iki.fi> wrote:

> Stevan Bajić wrote:
> > this is not a new kind of spam that passes DSPAM. It is a spam message
> > that YOUR installation of DSPAM is not catching. You can not say that DSPAM
> > per default is not capable/able to catch it.
> 
> When I said "new breed", I mean these spams are formed so that DSpam 
> can't re-train them, thus forcing them to come through. I have used 
> DSpam for almost ten years and this is the first time I see a spam that 
> DSpam can't handle.
> 
10 years? DSPAM does not exist that long :)


> > The sample is fine but useless. Can you please attach the RAW spam message
> > and not a RTF?
> 
> > In the example I don't see any signature.
> 
> Here is another, the raw data:
> 
> Return-Path: <lawbreak...@seawolfchile.cl>
> X-Original-To: z...@localhost
> Delivered-To: z...@localhost
> Received: from terra.nblnetworks.fi (localhost [127.0.0.1])
>       by terra.nblnetworks.fi (Postfix) with ESMTP id C42669B243
>       for <z...@localhost>; Mon, 14 Jun 2010 15:52:03 +0300 (EEST)
> Received: from mail.netsonic.fi [194.29.192.90]
>       by terra.nblnetworks.fi with IMAP (fetchmail-6.3.9-rc2)
>       for <z...@localhost> (single-drop); Mon, 14 Jun 2010 15:52:03 +0300 
> (EEST)
> Received: from netsonic.fi ([unix socket])
>        by mail.netsonic.fi (Cyrus v2.3.7-Invoca-RPM-2.3.7-4mke) with LMTPA;
>        Mon, 14 Jun 2010 16:51:58 +0300
> X-Sieve: CMU Sieve 2.3
> Received: from leimasin.iki.fi (leimasin.iki.fi [212.16.98.49])
>       by netsonic.fi (Postfix) with ESMTP id 07D901F11AA0
>       for <nanos...@netsonic.fi>; Mon, 14 Jun 2010 16:51:57 +0300 (EEST)
> Received: from ikiaikainen.iki.fi (r...@ikiaikainen.iki.fi [212.16.98.54])
>       by leimasin.iki.fi (8.13.8/8.13.4) with ESMTP id o5ECoqxk002492
>       for <jari.jus...@asetus1.silppuri.iki.fi>; Mon, 14 Jun 2010 15:50:52 
> +0300 (EEST)
> Received: from jrkh.qtrduaf.com ([83.153.36.71])
>       by ikiaikainen.iki.fi (8.14.4/8.14.4) with SMTP id o5ECoogw018334
>       for <jari.jus...@iki.fi>; Mon, 14 Jun 2010 15:50:51 +0300 (EEST)
> Message-ID: <4c1624e1.9060...@horngshiue.com>
> Date: Mon, 14 Jun 2010 14:49:21 +0200
> From: Brindamour Siew <lawbreak...@seawolfchile.cl>
> MIME-Version: 1.0
> To: Baillet Segerson <jari.jus...@iki.fi>
> Subject: "We will keep the sun
> Content-Type: application/octet-stream; name="latterly.rtf"
> Content-Transfer-Encoding: base64
> X-Spam-Status: No, score=2.2 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET
>       autolearn=disabled version=3.2.5
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on leimasin.iki.fi
> X-DSPAM-Result: Innocent
> X-DSPAM-Processed: Mon Jun 14 15:52:04 2010
> X-DSPAM-Confidence: 0.5392
> X-DSPAM-Probability: 0.1578
> X-DSPAM-Signature: 4c1625f4206657185213121
> X-DSPAM-Factors: 27,
>       Subject*will+keep, 0.99000,
>       Subject*keep, 0.98215,
>       Subject*will, 0.96801,
>       To*<jari.juslin+iki.fi>, 0.95783,
>       To*<jari.juslin, 0.94942,
>       Date*Jun+2010, 0.05738,
>       Received*Jun+2010, 0.05826,
>       Received*Jun+2010, 0.05826,
>       Received*<jari.juslin+iki.fi>, 0.93197,
>       Date*21+0200, 0.07201,
>       Received*from+ikiaikainen.iki.fi, 0.08499,
>       Received*ikiaikainen.iki.fi, 0.08524,
>       Received*ikiaikainen.iki.fi, 0.08524,
>       Received*ikiaikainen.iki.fi+(8.14.4/8.14.4), 0.08524,
>       Received*[212.16.98.54]), 0.08524,
>       Received*by+ikiaikainen.iki.fi, 0.08524,
>       Received*(8.14.4/8.14.4)+with, 0.08683,
>       Received*(8.14.4/8.14.4), 0.08690,
>       X-Spam-Status*No, 0.10026,
>       Received*<jari.juslin+asetus1.silppuri.iki.fi>, 0.89385,
>       Received*ikiaikainen.iki.fi+[212.16.98.54]), 0.10630,
>       Received*(root+ikiaikainen.iki.fi, 0.10630,
>       Received*ikiaikainen.iki.fi+(root, 0.10630,
>       Received*for+<jari.juslin, 0.88626,
>       Received*for+<jari.juslin, 0.88626,
>       Received*<jari.juslin, 0.88626,
>       Received*<jari.juslin, 0.88626
> 
> !DSPAM:4c1625f4206657185213121!
> 
Aha. Well... this is a different beast than the usual spam mail. The mail does NOT 
have any body that DSPAM can and will process. The reason is this here:
> Content-Type: application/octet-stream; name="latterly.rtf"
> Content-Transfer-Encoding: base64

See? The whole message just has an attachment called latterly.rtf and DSPAM 
does not tokenize attachments.

So you limit DSPAM to just be able to tokenize stuff it finds in the headers. I 
don't have show factors on and I add my signature just to the headers but for 
the test I am quickly going to turn them on.

Here the message from you (cleaned out your DSPAM headers and your DSPAM 
signature):
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # cat jari.juslin.eml
Return-Path: <lawbreak...@seawolfchile.cl>
X-Original-To: z...@localhost
Delivered-To: z...@localhost
Received: from terra.nblnetworks.fi (localhost [127.0.0.1])
        by terra.nblnetworks.fi (Postfix) with ESMTP id C42669B243
        for <z...@localhost>; Mon, 14 Jun 2010 15:52:03 +0300 (EEST)
Received: from mail.netsonic.fi [194.29.192.90]
        by terra.nblnetworks.fi with IMAP (fetchmail-6.3.9-rc2)
        for <z...@localhost> (single-drop); Mon, 14 Jun 2010 15:52:03 +0300 
(EEST)
Received: from netsonic.fi ([unix socket])
         by mail.netsonic.fi (Cyrus v2.3.7-Invoca-RPM-2.3.7-4mke) with LMTPA;
         Mon, 14 Jun 2010 16:51:58 +0300
X-Sieve: CMU Sieve 2.3
Received: from leimasin.iki.fi (leimasin.iki.fi [212.16.98.49])
        by netsonic.fi (Postfix) with ESMTP id 07D901F11AA0
        for <nanos...@netsonic.fi>; Mon, 14 Jun 2010 16:51:57 +0300 (EEST)
Received: from ikiaikainen.iki.fi (r...@ikiaikainen.iki.fi [212.16.98.54])
        by leimasin.iki.fi (8.13.8/8.13.4) with ESMTP id o5ECoqxk002492
        for <jari.jus...@asetus1.silppuri.iki.fi>; Mon, 14 Jun 2010 15:50:52
+0300 (EEST)
Received: from jrkh.qtrduaf.com ([83.153.36.71])
        by ikiaikainen.iki.fi (8.14.4/8.14.4) with SMTP id o5ECoogw018334
        for <jari.jus...@iki.fi>; Mon, 14 Jun 2010 15:50:51 +0300 (EEST)
Message-ID: <4c1624e1.9060...@horngshiue.com>
Date: Mon, 14 Jun 2010 14:49:21 +0200
From: Brindamour Siew <lawbreak...@seawolfchile.cl>
MIME-Version: 1.0
To: Baillet Segerson <jari.jus...@iki.fi>
Subject: "We will keep the sun
Content-Type: application/octet-stream; name="latterly.rtf"
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=2.2 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET
        autolearn=disabled version=3.2.5
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on leimasin.iki.fi
nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Now let me turn on those additional settings:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # dspam_admin ch pref ste...@bajic.ch "showFactors" "on"
operation successful.
nyx ~ # dspam_admin ch pref ste...@bajic.ch "signatureLocation" "body"
operation successful.
nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

And now let me process that message:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # dspam --user ste...@bajic.ch --deliver=summary --stdout < jari.juslin.eml
X-DSPAM-Result: ste...@bajic.ch; result="Spam"; class="Spam"; 
probability=0.9931; confidence=0.99; signature=4,4c167f8f15241339212684
Return-Path: <lawbreak...@seawolfchile.cl>
X-Original-To: z...@localhost
Delivered-To: z...@localhost
Received: from terra.nblnetworks.fi (localhost [127.0.0.1])
        by terra.nblnetworks.fi (Postfix) with ESMTP id C42669B243
        for <z...@localhost>; Mon, 14 Jun 2010 15:52:03 +0300 (EEST)
Received: from mail.netsonic.fi [194.29.192.90]
        by terra.nblnetworks.fi with IMAP (fetchmail-6.3.9-rc2)
        for <z...@localhost> (single-drop); Mon, 14 Jun 2010 15:52:03 +0300 
(EEST)
Received: from netsonic.fi ([unix socket])
         by mail.netsonic.fi (Cyrus v2.3.7-Invoca-RPM-2.3.7-4mke) with LMTPA;
         Mon, 14 Jun 2010 16:51:58 +0300
X-Sieve: CMU Sieve 2.3
Received: from leimasin.iki.fi (leimasin.iki.fi [212.16.98.49])
        by netsonic.fi (Postfix) with ESMTP id 07D901F11AA0
        for <nanos...@netsonic.fi>; Mon, 14 Jun 2010 16:51:57 +0300 (EEST)
Received: from ikiaikainen.iki.fi (r...@ikiaikainen.iki.fi [212.16.98.54])
        by leimasin.iki.fi (8.13.8/8.13.4) with ESMTP id o5ECoqxk002492
        for <jari.jus...@asetus1.silppuri.iki.fi>; Mon, 14 Jun 2010 15:50:52
+0300 (EEST):
Received: from jrkh.qtrduaf.com ([83.153.36.71])
        by ikiaikainen.iki.fi (8.14.4/8.14.4) with SMTP id o5ECoogw018334
        for <jari.jus...@iki.fi>; Mon, 14 Jun 2010 15:50:51 +0300 (EEST)
Message-ID: <4c1624e1.9060...@horngshiue.com>
Date: Mon, 14 Jun 2010 14:49:21 +0200
From: Brindamour Siew <lawbreak...@seawolfchile.cl>
MIME-Version: 1.0
To: Baillet Segerson <jari.jus...@iki.fi>
Subject: [SPAM] "We will keep the sun
Content-Type: application/octet-stream; name="latterly.rtf"
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=2.2 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET
        autolearn=disabled version=3.2.5
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on leimasin.iki.fi
X-DSPAM-Result: Spam
X-DSPAM-Processed: Mon Jun 14 21:14:23 2010
X-DSPAM-Confidence: 0.9884
X-DSPAM-Improbability: 1 in 8501 chance of being ham
X-DSPAM-Probability: 0.9931
X-DSPAM-Signature: 4,4c167f8f15241339212684
X-DSPAM-Factors: 3,
        Subject*will+keep, 0.99000,
        Subject*will+#+the, 0.68655,
        From*Brindamour Siew <lawbreak...@seawolfchile.cl>, 0.40000
!DSPAM:4,4c167f8f15241339212684!

nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

You see? My DSPAM installation was able to just tokenize 3 tokens. Only 3! The 
reason for that is that I have a lot of IgnoreHeaders in my setup and most of 
the stuff you have in your headers is ignored by my installation.

Anyway... Let me try again but this time I enable ClamAV:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # dspam_admin ch pref ste...@bajic.ch "showFactors" "on"
operation successful.
nyx ~ # dspam_admin ch pref ste...@bajic.ch "signatureLocation" "message"
operation successful.
nyx ~ # dspam_admin ch pref ste...@bajic.ch "optOutClamAV" "off"
operation successful.
nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

And now I process that same message again:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # dspam --user ste...@bajic.ch --deliver=summary --stdout < jari.juslin.eml
X-DSPAM-Result: ste...@bajic.ch; result="Spam"; class="Virus"; 
probability=1.0000; confidence=1.00; signature=4,4c1680df18449748112346
Return-Path: <lawbreak...@seawolfchile.cl>
X-Original-To: z...@localhost
Delivered-To: z...@localhost
Received: from terra.nblnetworks.fi (localhost [127.0.0.1])
        by terra.nblnetworks.fi (Postfix) with ESMTP id C42669B243
        for <z...@localhost>; Mon, 14 Jun 2010 15:52:03 +0300 (EEST)
Received: from mail.netsonic.fi [194.29.192.90]
        by terra.nblnetworks.fi with IMAP (fetchmail-6.3.9-rc2)
        for <z...@localhost> (single-drop); Mon, 14 Jun 2010 15:52:03 +0300 
(EEST)
Received: from netsonic.fi ([unix socket])
         by mail.netsonic.fi (Cyrus v2.3.7-Invoca-RPM-2.3.7-4mke) with LMTPA;
         Mon, 14 Jun 2010 16:51:58 +0300
X-Sieve: CMU Sieve 2.3
Received: from leimasin.iki.fi (leimasin.iki.fi [212.16.98.49])
        by netsonic.fi (Postfix) with ESMTP id 07D901F11AA0
        for <nanos...@netsonic.fi>; Mon, 14 Jun 2010 16:51:57 +0300 (EEST)
Received: from ikiaikainen.iki.fi (r...@ikiaikainen.iki.fi [212.16.98.54])
        by leimasin.iki.fi (8.13.8/8.13.4) with ESMTP id o5ECoqxk002492
        for <jari.jus...@asetus1.silppuri.iki.fi>; Mon, 14 Jun 2010 15:50:52
+0300 (EEST):
Received: from jrkh.qtrduaf.com ([83.153.36.71])
        by ikiaikainen.iki.fi (8.14.4/8.14.4) with SMTP id o5ECoogw018334
        for <jari.jus...@iki.fi>; Mon, 14 Jun 2010 15:50:51 +0300 (EEST)
Message-ID: <4c1624e1.9060...@horngshiue.com>
Date: Mon, 14 Jun 2010 14:49:21 +0200
From: Brindamour Siew <lawbreak...@seawolfchile.cl>
MIME-Version: 1.0
To: Baillet Segerson <jari.jus...@iki.fi>
Subject: [SPAM] "We will keep the sun
Content-Type: application/octet-stream; name="latterly.rtf"
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=2.2 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET
        autolearn=disabled version=3.2.5
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on leimasin.iki.fi
X-DSPAM-Result: Virus
X-DSPAM-Processed: Mon Jun 14 21:19:59 2010
X-DSPAM-Confidence: 1.0000
X-DSPAM-Improbability: 1 in 98689409 chance of being ham
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 4,4c1680df18449748112346
!DSPAM:4,4c1680df18449748112346!

nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

See? The message is tagged as Virus infected. I have additional signatures in 
ClamAV. Let's do the scan again but this time from the command line:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
nyx ~ # clamscan --verbose --stdout --scan-mail=yes jari.juslin.eml
Scanning jari.juslin.eml
jari.juslin.eml: Sanesecurity.Casino.11006.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1033621
Engine version: 0.96.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.097 sec (0 m 5 s)
nyx ~ #
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

It takes a bunch of seconds to load clamscan but that is because I have over 1 
million signatures in ClamAV. DSPAM does not use clamscan but uses ClamAV 
in daemon mode, so in a real environment that processing would be faster.

IMHO attachments are better handled in something else than DSPAM. Of course I 
could enable DSPAM to parse a bunch of well known text formats and allow DSPAM 
to tokenize their content but I really think that this is not such a bright 
idea.



-- 
Kind Regards from Switzerland,

Stevan Bajić
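
The situation described in this reply (a message whose only content is a base64 attachment, leaving a content filter nothing but headers to tokenize), as an added example that is not part of the original mail and is not DSPAM code: a pre-filter check that spots such messages and routes them to an attachment scanner. The `triage` function, the routing labels and both sample messages are constructed for illustration.

```python
import email
from email import policy

# Constructed samples. The first mirrors the Content-Type and
# Content-Transfer-Encoding headers quoted in the thread; addresses and the
# short base64 payload are placeholders, not the original spam.
ATTACHMENT_ONLY = (
    "From: Sender <sender@example.invalid>\n"
    "To: Rcpt <rcpt@example.invalid>\n"
    "Subject: sample one\n"
    "MIME-Version: 1.0\n"
    'Content-Type: application/octet-stream; name="latterly.rtf"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "e1xydGYxIGNvbnN0cnVjdGVkIHNhbXBsZX0=\n"
)
WITH_TEXT_BODY = (
    "From: Sender <sender@example.invalid>\n"
    "Subject: sample two\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Plain body that a tokenizer can read.\n"
)

TEXT_TYPES = {"text/plain", "text/html"}


def triage(raw: str) -> dict:
    """Report which MIME parts a text tokenizer could read and where to route."""
    msg = email.message_from_string(raw, policy=policy.default)
    text_parts, opaque_parts = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if ctype in TEXT_TYPES and not part.is_attachment():
            text_parts.append(ctype)
        else:
            # get_filename() falls back to the Content-Type "name" parameter
            size = len(part.get_payload(decode=True) or b"")
            opaque_parts.append((ctype, part.get_filename(), size))
    headers_only = not text_parts
    return {
        "text_parts": text_parts,
        "opaque_parts": opaque_parts,
        "headers_only": headers_only,  # classifier would see headers alone
        "route": "attachment-scanner" if headers_only and opaque_parts
                 else "content-filter",
    }
```
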
