RE: False Negatives

Wed, 16 Apr 2008 23:15:29 -0700 

> http://pastebin.com/m16055c85

Content analysis details:   (9.6 points, 6.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 1.5 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL
blocklist
                            [URIs: diroma.us]
 0.5 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
[SPF failed: Please see
http://www.openspf.org/Why?id=mail4.go-concepts.com&ip=10.1.5.17&receive
r=proxy.intern.seceidos.de]
 0.0 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 2.8 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired
language
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 2.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.7 SARE_BANK_URI_IP       SARE_BANK_URI_IP
 0.1 CRM114_CHECK           CRM114: message is UNSURE with crm114-score
-2.0200


> http://pastebin.com/m52635526

Content analysis details:   (13.0 points, 6.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL
blacklist
                            [URIs: trip-reps6.com]
 1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL
blocklist
                            [URIs: trip-reps6.com]
-0.3 BOTNET_SERVERWORDS     Hostname contains server-like substrings
 
[botnet_serverwords,ip=64.187.116.22,rdns=mail.trip-reps6.com]
 0.5 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
[SPF failed: Please see
http://www.openspf.org/Why?id=mail4.go-concepts.com&ip=10.1.5.17&receive
r=proxy.intern.seceidos.de]
 0.1 TW_MF                  BODY: Odd Letter Triples with MF
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5003]
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf:  80]
 2.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf:  80]
 2.2 DCC_CHECK              Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
 3.0 DIGEST_MULTIPLE        Message hits more than one network digest
check
 0.1 CRM114_CHECK           CRM114: message is UNSURE with crm114-score
-1.7700

I did not check the other two. Not sure if DCC/Razor would have seen
them a few hours ago. If they were to cross my server now they would at
least be flagged as spam.

Are you using DCC/RAZOR?

Reply via email to