Search found 25 matches
- 30 Aug 2018 12:50
- Forum: 3.x Bugs
- Topic: Drugs_muscle false positive
- Replies: 1
- Views: 2468
Drugs_muscle false positive
Guys, there's a rule that I've seen cause false positive with Portuguese language several times. It's the rule DRUGS_MUSCLE 2.50. Similar to what is mentioned here https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6615 It thinks that SOMA, which in Portuguese means "SUM" (as in addition) is...
- 16 Apr 2018 13:38
- Forum: Discussion
- Topic: FSL_BULK_SIG
- Replies: 2
- Views: 2690
Re: FSL_BULK_SIG
Thanks a lot, Pd walker. That helped us to find the issue here on our side.
All the best.
- 07 Apr 2018 12:04
- Forum: Discussion
- Topic: FSL_BULK_SIG
- Replies: 2
- Views: 2690
FSL_BULK_SIG
Hi, everyone I saw some messages about this here from some years ago, but still in doubt... Is this still an active spamassassin test? header __FSL_HAS_LIST_UNSUB exists:List-Unsubscribe meta FSL_BULK_SIG ((DCC_CHECK || RAZOR2_CHECK || PYZOR_CHECK) && !__FSL_HAS_LIST_UNSUB) describe FSL_BULK...
- 09 Jan 2017 17:22
- Forum: Discussion
- Topic: Razor false positives
- Replies: 3
- Views: 3141
Re: Razor false positives
Thank you, Ovizii. Were you able to check if it does more good than bad? I saw it contribute quite a bit to cause false positive several times. And what is really negative it headers are still being added after the message has been analyzed by Razor, so when you run the checksum on the complete mess...
- 29 Dec 2016 14:15
- Forum: Discussion
- Topic: Razor false positives
- Replies: 3
- Views: 3141
Razor false positives
Hi, everyone
Is anyone else getting several false positives due to Razor? It scores so much and ends up deciding wrongly.
Didn't find how to report false positive to them.
Does anyone know?
Thanks!
- 19 Aug 2016 16:30
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
Re: ImageCerberusPLG5 high score, no?
Thanks a lot, pdwalker. Just curious, you see it have some legit hits?
How does it work more or less, it analyses images, an OCR type, but trying to find patterns, seems hard to do... The FP are strange, basic logos of companies with people's names.
- 17 Aug 2016 17:06
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
Re: ImageCerberusPLG5 high score, no?
Guys/Shawn, Just curious, what value you suggest to score for ImageCerberusPLG5? Maybe 1 point instead of 4.50? I don't have root access, but I'll ask my sysadmin to see if he assess this, filter out a few days of emails and see how many good results it has, etc. I see some very weird false positives....
- 03 Jun 2016 14:31
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
Re: ImageCerberusPLG5 high score, no?
Thanks a lot, Shawn, very nice of you.
Congrats on EFA and constant improvements!!
- 20 May 2016 17:07
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
Re: ImageCerberusPLG5 high score, no?
Hi,
Thanks, everyone! Is it not possible/worth it to lower these scores by default in EFA?
Are these official SA rules?
Thanks
- 14 Apr 2016 17:51
- Forum: Discussion
- Topic: Win32:Malware-gen malware
- Replies: 7
- Views: 4871
Re: Win32:Malware-gen malware
Actually, ClamAV doesn't detect this virus, as many other viruses.
- 08 Apr 2016 14:14
- Forum: Discussion
- Topic: PHP_ORIG_SCRIPT not too high?
- Replies: 6
- Views: 8635
Re: PHP_ORIG_SCRIPT not too high?
Thanks!!
- 08 Apr 2016 14:09
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
Re: ImageCerberusPLG5 high score, no?
Thanks, but is this an official SA rule? As I don't see it in SA rules. It does what exactly, what type of image it catches, porn?
Why such a high score? I will try to analyse to see if it does have some good hits also...
What are other folks' experience with this rule? Worth lowering score?
Thanks
- 01 Apr 2016 14:41
- Forum: Discussion
- Topic: ImageCerberusPLG5 high score, no?
- Replies: 22
- Views: 12834
ImageCerberusPLG5 high score, no?
Hi, everyone I found an email, false positive, and the rule ImageCerberusPLG5 4.50 had a hit with high score. All the email had was a banner/image/letterhead with customer's logo. I found it strange, as this rule is not in official SA and as I said, the score is really high, helped a lot to mark the ...
- 31 Mar 2016 16:47
- Forum: Discussion
- Topic: PHP_ORIG_SCRIPT not too high?
- Replies: 6
- Views: 8635
PHP_ORIG_SCRIPT not too high?
Hello, everyone I'm wondering, this test, which doesn't seem to be in the original SpamAssassin, IMHO, seems a bit too high of a score, as it seems to just identify the email came from a PHP script... Any thoughts? X-efa-SpamCheck: not spam, SpamAssassin (not cached, score=3.452, required 4, autolearn=di...
- 21 Mar 2016 14:24
- Forum: How-to
- Topic: detect spams of abused accounts
- Replies: 2
- Views: 2616
Re: detect spams of abused accounts
Hi,
Thanks for reply. We use DSPAM and teach it, not spamassassin bayes.
I put this topic here also, some interesting ideas: http://mail-archives.apache.org/mod_mbo ... ox/browser
Thanks.
- 15 Mar 2016 16:08
- Forum: How-to
- Topic: detect spams of abused accounts
- Replies: 2
- Views: 2616
detect spams of abused accounts
Hi, everyone Please check http://pastebin.com/GUBqpyZ8 Interesting how some spams that abuse some legit account such as this one are hard to detect, how Spamassassin scores almost nothing although there are spammy works, etc. System caught DCC_CHECK 1.10. Some other systems such as isnotspam.com cau...
- 02 Feb 2016 13:21
- Forum: How-to
- Topic: reporting spam
- Replies: 3
- Views: 3267
Re: reporting spam
Hi, Shawn Thanks for reply. You mean mailwatch.org? Yes, something automated. I'm wondering if it's worth reporting spam to spamassassin. Do you know if they really consider improving rules based on reports? Because as per the link I had sent on their site, it says it helps sending reports Razor, Pyzo...
- 21 Jan 2016 11:42
- Forum: How-to
- Topic: reporting spam
- Replies: 3
- Views: 3267
reporting spam
friends, any tips on how to permit trusted users to report spam? I use spamcop, but wanted something more automated that would auto report emails in a certain folder. I don't mean bayes, rather sending to spamassassin team, for example, to create new rules, etc. I saw this https://wiki.apache.org/spa...
- 14 Jul 2015 16:25
- Forum: Discussion
- Topic: Win32:Malware-gen malware
- Replies: 7
- Views: 4871
Re: Win32:Malware-gen malware
Update: after a bit of insistence and contacting them via Facebook, ClamAV did publish update to catch this virus. But others are popping up and it's a bit of work trying to report to them and follow up. Any recommendations of really good antivirus and a competitive costs that catches these malwares?...
- 12 Jun 2015 14:46
- Forum: Discussion
- Topic: Win32:Malware-gen malware
- Replies: 7
- Views: 4871
Re: Win32:Malware-gen malware
Thanks, guys, for super fast reply! I already submitted to ClamAV, but no response. Can't EFA detect this also as it does with many viruses? I know there's also a setting in ClamAV to make it detect viruses/malware in a harsher way, but I believe my sysadmin prefers to not enable such setting due to o...
- 12 Jun 2015 12:08
- Forum: Discussion
- Topic: Win32:Malware-gen malware
- Replies: 7
- Views: 4871
Win32:Malware-gen malware
Hi, everyone We have EFA helping to catch many viruses not caught by clamav, but some such as this Win32:Malware-gen is not caught. Any suggestions how to catch it? Details: https://www.virustotal.com/pt/file/dfe0cd0c48dbf96b56ddcff6d8fdfea9b514e76050db311bd190340ef5f1cbb4/analysis/ I attached the V...
- 24 Feb 2015 11:52
- Forum: Discussion
- Topic: analysing email header
- Replies: 7
- Views: 5013
Re: analysing email header
Thanks, ends up my sysadmin prefers not to add, as he says it would add too much info in the header, we already have spamassassin, bayes etc in header. If you can, perhaps consider being able to add to header in a summarized way all tests, would be neat, perhaps I can convince my sysadmin to enable ...
- 13 Feb 2015 13:51
- Forum: Discussion
- Topic: analysing email header
- Replies: 7
- Views: 5013
Re: analysing email header
Thanks. Then it will include the SA part of scoring only? and the other modules EFA has?
Tks
- 11 Feb 2015 18:06
- Forum: Discussion
- Topic: analysing email header
- Replies: 7
- Views: 5013
Re: analysing email header
Hi. Thanks, guys. Yes, on the header would be ideal as I don't have root access, just wanted to be able to comprehend reasons for EFA spam score, as I analyse other things in the header such as spamassassin, bayes, other systems my provider has, but EFA I dont get much details. It's the appliance. Tha...
- 09 Feb 2015 12:28
- Forum: Discussion
- Topic: analysing email header
- Replies: 7
- Views: 5013
analysing email header
Hi, everyone Congrats on EFA! 1) How can I assess for what reason an email got a high score in EFA, such as the one below? Can I add extra info in headers, to help understand why email was marked or not as spam? or do I need to check some logs server side (don't have access to server as root)? X-emai...