Hi,

On Wed, Feb 17, 2016 at 4:29 PM, Jari Fredriksson <ja...@iki.fi> wrote:
> Alex wrote on 17.2.2016 18:49:
>>
>> Hi all,
>>
>> I recall some rules that were written years ago to address these, but
>> it appears they're back. We've been hit with a few, including users
>> actually following the link. I was hoping someone had some
>> recommendations on how to stop them.
>>
>> http://pastebin.com/zKWUUQ0Q
>>
>> Obviously they're coming in advance of being on an RBL or DNSBL.
>>
>> I was thinking to correlate the body text somehow with something that
>> checks to see if it actually passed through Google (SPF, etc?), but
>> that won't work for messages that were forwarded to another user...
>>
>> Thanks,
>> Alex
>
> Rejected here, easily.
>
> Content analysis details: (14.4 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.5 BOTNET                 Relay might be a spambot or virusbot

What rule is that? I seem to remember a botnet plugin from about 2010,
but didn't think it was maintained or worked properly anymore?

>  8.0 CLAMAV                 Clam AntiVirus detected a virus
> [winnow.spam.ts.google.994118.UNOFFICIAL(59724bd0d31d1f2fccdbb50fed23e7cb:3924)]

Yes, clamav is catching them now here too. We seem to continually be
ahead of the antivirus writers and SBLs.

Reindl Harald <h.rei...@thelounge.net> wrote:
>  7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%

I can't even imagine almost doubling the bayes score from the default,
basically making it a poison pill, when the default score is generated
as part of the rule development process.

Thanks,
Alex