Search found 25 matches

by robertboyl
30 Aug 2018 12:50
Forum: 3.x Bugs
Topic: Drugs_muscle false positive
Replies: 1
Views: 2466

Drugs_muscle false positive

Guys, there's a rule that I've seen cause false positives with the Portuguese language several times. It's the rule DRUGS_MUSCLE 2.50. Similar to what is mentioned here: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6615 It thinks that SOMA, which in Portuguese means "SUM" (as in addition) is...
by robertboyl
16 Apr 2018 13:38
Forum: Discussion
Topic: FSL_BULK_SIG
Replies: 2
Views: 2690

Re: FSL_BULK_SIG

Thanks a lot, Pd walker. That helped us to find the issue here on our side.

All the best.
by robertboyl
07 Apr 2018 12:04
Forum: Discussion
Topic: FSL_BULK_SIG
Replies: 2
Views: 2690

FSL_BULK_SIG

Hi, everyone. I saw some messages about this here from some years ago, but I'm still in doubt... Is this still an active SpamAssassin test?

header __FSL_HAS_LIST_UNSUB exists:List-Unsubscribe
meta FSL_BULK_SIG ((DCC_CHECK || RAZOR2_CHECK || PYZOR_CHECK) && !__FSL_HAS_LIST_UNSUB)
describe FSL_BULK...
by robertboyl
09 Jan 2017 17:22
Forum: Discussion
Topic: Razor false positives
Replies: 3
Views: 3141

Re: Razor false positives

Thank you, Ovizii. Were you able to check if it does more good than bad? I saw it contribute quite a bit to cause false positives several times. And what is really negative is that headers are still being added after the message has been analyzed by Razor, so when you run the checksum on the complete mess...
by robertboyl
29 Dec 2016 14:15
Forum: Discussion
Topic: Razor false positives
Replies: 3
Views: 3141

Razor false positives

Hi, everyone

Is anyone else getting several false positives due to Razor? It scores so much and ends up deciding wrongly.

Didn't find how to report false positives to them.

Does anyone know?

Thanks!
by robertboyl
19 Aug 2016 16:30
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

Re: ImageCerberusPLG5 high score, no?

Thanks a lot, pdwalker. Just curious, you see it have some legit hits?

How does it work more or less, it analyses images, an OCR type, but trying to find patterns, seems hard to do... The FP are strange, basic logos of companies with people's names.
by robertboyl
17 Aug 2016 17:06
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

Re: ImageCerberusPLG5 high score, no?

Guys/Shawn, just curious, what value do you suggest to score for ImageCerberusPLG5? Maybe 1 point instead of 4.50? I don't have root access, but I'll ask my sysadmin to see if he can assess this, filter out a few days of emails and see how many good results it has, etc. I see some very weird false positives....
by robertboyl
03 Jun 2016 14:31
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

Re: ImageCerberusPLG5 high score, no?

Thanks a lot, Shawn, very nice of you.

Congrats on EFA and constant improvements!!
by robertboyl
20 May 2016 17:07
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

Re: ImageCerberusPLG5 high score, no?

Hi,

Thanks, everyone! Is it not possible/worth it to lower these scores by default in EFA?

Are these official SA rules?

Thanks
by robertboyl
14 Apr 2016 17:51
Forum: Discussion
Topic: Win32:Malware-gen malware
Replies: 7
Views: 4871

Re: Win32:Malware-gen malware

Actually, ClamAV doesn't detect this virus, as many other viruses. :(
by robertboyl
08 Apr 2016 14:14
Forum: Discussion
Topic: PHP_ORIG_SCRIPT not too high?
Replies: 6
Views: 8635

Re: PHP_ORIG_SCRIPT not too high?

Thanks!!
by robertboyl
08 Apr 2016 14:09
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

Re: ImageCerberusPLG5 high score, no?

Thanks, but is this an official SA rule? As I don't see it in SA rules. It does what exactly, what type of image does it catch, porn?

Why such a high score? I will try to analyse to see if it does have some good hits also...

What are other folks' experience with this rule? Worth lowering score?

Thanks
by robertboyl
01 Apr 2016 14:41
Forum: Discussion
Topic: ImageCerberusPLG5 high score, no?
Replies: 22
Views: 12834

ImageCerberusPLG5 high score, no?

Hi, everyone. I found an email, false positive, and the rule ImageCerberusPLG5 4.50 had a hit with high score. All the email had was a banner/image/letterhead with customer's logo. I found it strange, as this rule is not in official SA and as I said, the score is really high, helped a lot to mark the ...
by robertboyl
31 Mar 2016 16:47
Forum: Discussion
Topic: PHP_ORIG_SCRIPT not too high?
Replies: 6
Views: 8635

PHP_ORIG_SCRIPT not too high?

Hello, everyone. I'm wondering, this test, which doesn't seem to be in the original SpamAssassin, IMHO, seems a bit too high of a score, as it seems to just identify the email came from a PHP script... Any thoughts? X-efa-SpamCheck: not spam, SpamAssassin (not cached, score=3.452, required 4, autolearn=di...
by robertboyl
21 Mar 2016 14:24
Forum: How-to
Topic: detect spams of abused accounts
Replies: 2
Views: 2616

Re: detect spams of abused accounts

Hi,

Thanks for the reply. We use DSPAM and teach it, not SpamAssassin Bayes.

I put this topic here also, some interesting ideas: http://mail-archives.apache.org/mod_mbo ... ox/browser

Thanks.
by robertboyl
15 Mar 2016 16:08
Forum: How-to
Topic: detect spams of abused accounts
Replies: 2
Views: 2616

detect spams of abused accounts

Hi, everyone. Please check http://pastebin.com/GUBqpyZ8 Interesting how some spams that abuse some legit account such as this one are hard to detect, how SpamAssassin scores almost nothing although there are spammy works, etc. System caught DCC_CHECK 1.10. Some other systems such as isnotspam.com cau...
by robertboyl
02 Feb 2016 13:21
Forum: How-to
Topic: reporting spam
Replies: 3
Views: 3267

Re: reporting spam

Hi, Shawn. Thanks for the reply. You mean mailwatch.org? Yes, something automated. I'm wondering if it's worth reporting spam to SpamAssassin. Do you know if they really consider improving rules based on reports? Because as per the link I had sent on their site, it says it helps sending reports Razor, Pyzo...
by robertboyl
21 Jan 2016 11:42
Forum: How-to
Topic: reporting spam
Replies: 3
Views: 3267

reporting spam

Friends, any tips on how to permit trusted users to report spam? I use SpamCop, but wanted something more automated that would auto report emails in a certain folder. I don't mean Bayes, rather sending to the SpamAssassin team, for example, to create new rules, etc. I saw this https://wiki.apache.org/spa...
by robertboyl
14 Jul 2015 16:25
Forum: Discussion
Topic: Win32:Malware-gen malware
Replies: 7
Views: 4871

Re: Win32:Malware-gen malware

Update: after a bit of insistence and contacting them via Facebook, ClamAV did publish an update to catch this virus. But others are popping up and it's a bit of work trying to report to them and follow up. Any recommendations of a really good antivirus at a competitive cost that catches these malwares?...
by robertboyl
12 Jun 2015 14:46
Forum: Discussion
Topic: Win32:Malware-gen malware
Replies: 7
Views: 4871

Re: Win32:Malware-gen malware

Thanks, guys, for the super fast reply! I already submitted to ClamAV, but no response. Can't EFA detect this also as it does with many viruses? I know there's also a setting in ClamAV to make it detect viruses/malware in a harsher way, but I believe my sysadmin prefers to not enable such setting due to o...
by robertboyl
12 Jun 2015 12:08
Forum: Discussion
Topic: Win32:Malware-gen malware
Replies: 7
Views: 4871

Win32:Malware-gen malware

Hi, everyone. We have EFA helping to catch many viruses not caught by ClamAV, but some such as this Win32:Malware-gen are not caught. Any suggestions how to catch it? Details: https://www.virustotal.com/pt/file/dfe0cd0c48dbf96b56ddcff6d8fdfea9b514e76050db311bd190340ef5f1cbb4/analysis/ I attached the V...
by robertboyl
24 Feb 2015 11:52
Forum: Discussion
Topic: analysing email header
Replies: 7
Views: 5013

Re: analysing email header

Thanks, ends up my sysadmin prefers not to add, as he says it would add too much info in the header, we already have SpamAssassin, Bayes etc. in the header. If you can, perhaps consider being able to add to the header in a summarized way all tests, would be neat, perhaps I can convince my sysadmin to enable ...
by robertboyl
13 Feb 2015 13:51
Forum: Discussion
Topic: analysing email header
Replies: 7
Views: 5013

Re: analysing email header

Thanks. Then it will include the SA part of scoring only? And the other modules EFA has?

Tks
by robertboyl
11 Feb 2015 18:06
Forum: Discussion
Topic: analysing email header
Replies: 7
Views: 5013

Re: analysing email header

Hi. Thanks, guys. Yes, on the header would be ideal as I don't have root access, just wanted to be able to comprehend reasons for EFA spam score, as I analyse other things in the header such as SpamAssassin, Bayes, other systems my provider has, but EFA I don't get much details. It's the appliance. Tha...
by robertboyl
09 Feb 2015 12:28
Forum: Discussion
Topic: analysing email header
Replies: 7
Views: 5013

analysing email header

Hi, everyone. Congrats on EFA! 1) How can I assess for what reason an email got a high score in EFA, such as the one below? Can I add extra info in headers, to help understand why email was marked or not as spam? Or do I need to check some logs server side (don't have access to server as root)? X-emai...