Problem Email Again (retry)
Stephen Swaney
steve.swaney at FSL.COM
Fri Jun 17 02:40:51 IST 2005
Mike Kercher wrote:
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Scott Silva
>Sent: Thursday, June 16, 2005 2:03 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Problem Email Again (retry)
>
>Mike Kercher said the following on 6/15/2005 4:53 PM:
>
>
>>I tried attaching the problem qf/df pair and it was rejected so I have
>>uploaded the archive here:
>>
>>http://www.abby.com/problem_email.tar.gz
>>
>>
>>
>>I emailed the list a week or so ago about certain emails getting stuck
>>in /var/spool/mqueue.in, being processed over and over again. It
>>happened again today. I restarted MailScanner in debug mode and
>>didn't see anything useful there:
>>
>>Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases
>>rebuilt by root
>>
>>
>
>
>
>
No problem here. Our results: Spam Score is off the map and it's also
seen as infected by Clam AV (PayPal phishing scheme):

Jun 16 21:10:55 tester3 MailScanner[32203]: Message j5FJvISb003617 from 66.163.175.82 (service at paypal.com) to abby.com is spam, SpamAssassin (score=123.739, required 5, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, SARE_FORGED_PAYPAL 104.00, SARE_FORGED_PAYPAL_C 1.30, URIBL_OB_SURBL 3.21)
Jun 16 21:10:56 tester3 MailScanner[32203]: Spam Actions: message j5FJvISb003617 actions are store
Jun 16 21:10:56 tester3 MailScanner[32203]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-32203-2.html
Jun 16 21:10:57 tester3 MailScanner[32203]: Infected message j5FJvISb003617 came from 66.163.175.82
Jun 16 21:10:57 tester3 MailScanner[32203]: Saved entire message to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617
Jun 16 21:10:57 tester3 MailScanner[32203]: Saved infected "msg-32203-2.html" to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617

What do your logs report when you try and feed it through?
Steve
Steve at fsl.com
www.fsl.com
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!