Mailscanner vs Spamassassin settings for changing the message headers

Boulytchev, Vasiliy vboulytchev at COINFOTECH.COM
Fri Oct 3 20:06:49 IST 2003


Julian,
        We are not doing anything special.  We are using what Spamassassin does by default...  I just read Kevin's email.  I agree with him.  Here is a snap from what Spamassassin does right now.   THANKS!!!!!!!!!!!!!!!!!!!



Content preview:  Copy Any DVD to CD, Easy - Fast - Convenient! You will
  be astonished by what this new, revolutionary software has to offer.
  Fastest Possible Technology 3-Click System Ready in less than 1 min.
  Immediate Download Full Money-back Guarantee Free Lifetime Support and
  Updates [...] 

This mail is probably spam.  The original message has been attached along with this report, so you can recognize or block similar unwanted mail in future.  See http://spamassassin.org/tag/ for more details.

Content analysis details:   (7.20 points, 6 required)
CLICK_BELOW_CAPS   (0.5 points)  BODY: Asks you to click below (in capital letters)
BANG_MORE          (0.7 points)  BODY: Talks about more with an exclamation!
HTML_60_70         (0.1 points)  BODY: Message is 60% to 70% HTML
HTML_MESSAGE       (0.1 points)  BODY: HTML included in message
HTML_LINK_CLICK_CAPS (1.1 points)  BODY: HTML link text says "CLICK"
HTML_FONT_BIG      (0.3 points)  BODY: FONT Size +2 and up or 3 and up
HTML_FONT_COLOR_BLUE (0.1 points)  BODY: HTML font color is blue
HTML_LINK_CLICK_HERE (0.1 points)  BODY: HTML link text says "click here"
HTML_FONT_COLOR_GRAY (0.1 points)  BODY: HTML font color is gray
FORGED_MUA_OUTLOOK (3.5 points)  Forged mail pretending to be from MS Outlook
MIME_HTML_ONLY     (0.1 points)  Message only has text/html MIME parts
MISSING_MIMEOLE    (0.5 points)  Message has X-MSMail-Priority, but no X-MimeOLE

The original message did not contain plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam.  If you wish to view it, it may be safer to save it to a file and open it with an editor.

 
Vasiliy Boulytchev
Colorado Information Technologies, Inc.
http://www.coinfotech.com


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Julian Field
Sent: Friday, October 03, 2003 12:32 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Mailscanner vs Spamassassin settings for changing the
message headers



At 19:16 03/10/2003, you wrote:
>penis enlargement? :)))))))))))))))))
>
>
>
>
>So what do you guys think, is it doable?

The use of _SCORE_ in the subject line text is in the next version, but not
the content preview.
What do you think should be in the content preview? I could try to parse
the original content and extract the first 40 or 50 characters. But this
would need to be totally dis-armed text as 40 or 50 bytes is plenty to put
in an exploit or attack. The whole point of the attachment method is that
you can guarantee the initial message you see (which does include the
sanitised subject line) is harmless. Including anything from the original
message has to be done *very* carefully.


>
>Vasiliy Boulytchev
>Colorado Information Technologies, Inc.
>http://www.coinfotech.com
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>Behalf Of Kevin Spicer
>Sent: Friday, October 03, 2003 12:11 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Mailscanner vs Spamassassin settings for changing the
>message headers
>
>
>
>On Fri, 2003-10-03 at 18:48, Boulytchev, Vasiliy wrote:
>
>
> >*******************************************************************
> >Content preview:  Copy Any DVD to CD, Easy - Fast - Convenient! You
>
>That's a neat feature, I'd certainly find it useful if anyone implemented
>it.  I keep getting calls from users who are frightened to open the
>attachment (because of the warning in the attachment report), but
>frightened to delete the mail (in case it's actually relevant).  e.g. In one
>recent case one of our people who deals with requests for quotes etc
>received a Spam entitled 'Urgent Business Proposal' and had to call me
>so I could decide whether it was 'safe' to open (go on, guess what it
>was...)
>
>
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material.  If you have received this in error, please contact the
>sender and delete this message immediately.  Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited.  BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
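
Added example, not MailScanner code and not part of the original thread: one way to build the "totally dis-armed" 40 to 50 character preview discussed above, in Python. The function name `safe_preview`, the character allowlist and the sample message are assumptions constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Allowlist: every other character becomes a space, so no markup, URL syntax,
# CR/LF header separators or non-ASCII lookalikes can reach the report text.
_UNSAFE = re.compile(r"[^A-Za-z0-9 .,!?-]")
_INNER_DOT = re.compile(r"\.(?=[A-Za-z0-9])")  # dots gluing a hostname together
_SKIP = {"script", "style", "head", "title"}

class _TextOnly(HTMLParser):
    """Collect text nodes only; drop tags, attributes and script/style bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities decoded exactly once
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in _SKIP:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in _SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def safe_preview(body: str, limit: int = 50) -> str:
    parser = _TextOnly()
    parser.feed(body)
    parser.close()
    text = unicodedata.normalize("NFKC", " ".join(parser.parts))  # fold lookalikes first
    text = _UNSAFE.sub(" ", text)       # then apply the allowlist
    text = _INNER_DOT.sub(" ", text)    # stop clients auto-linking bare hostnames
    return " ".join(text.split())[:limit].rstrip()

# Constructed sample: HTML-only spam with script, a link, a double-encoded tag
# and a CR/LF sequence that tries to start a new header line.
SAMPLE = (
    '<html><head><title>x</title><style>p{color:blue}</style></head><body>'
    '<script>alert(1)</script><font size="+2" color="blue">Copy Any DVD to CD, '
    'Easy - Fast!</font><a href="http://spam.example/c?id=1">CLICK HERE</a>'
    ' &amp;lt;img src=x&amp;gt;\r\nSubject: injected www.spam.example</body></html>'
)

if __name__ == "__main__":
    print(safe_preview(SAMPLE))
```

The allowlist is applied after entity decoding and Unicode normalisation, so double-encoded or fullwidth markup characters are removed rather than revived.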



