Scanning for Spam
Anthony Peacock
a.peacock at chime.ucl.ac.uk
Fri Feb 9 17:06:58 CET 2007
Hi,
am.lists wrote:
> Anthony,
>
> When I obfuscated my real IP in the htm, I added 1.3 to that score
> (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was
> the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule.
Actually, the kicker is Bayes; my Bayes is scoring 99%, which gives it a
whole 3.5 points. Added to the SARE stocks rules, that is enough,
ignoring any network tests (see below).
> I looked on RE and don't see which group that's part of. It seems very
> effective.
That is in 70_SARE_STOCKS
>
> UPDATE: I just received another text-only one, and it's on the URL below.
>
> I didn't obfuscate any IPs this time, so the THIRD message would be an
> interesting test.
>
> http://mailgw.evokeemail.com/q/20070208.htm
Still get that one,
Content analysis details:   (8.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 TO_EMPTY               To: is empty
 0.1 FROM_NO_LOWER          From address has no lower-case characters
 1.7 SARE_PROLOSTOCK_SYM3   BODY: Last week's hot stock scam
 0.8 SARE_RMML_Stock7       BODY: SARE_RMML_Stock7
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.1 TO_CC_NONE             No To: or Cc: header
 1.7 STOCK_NAME_FVGT1       STOCK_NAME_FVGT1
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
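
Added example (not part of the original message and not MailScanner or SpamAssassin code): a small parser for the "Content analysis details" report quoted above that groups points by rule family, to check that Bayes plus the SARE-prefixed rules reach the 5.0 threshold without any other test. The function names and the grouping by name prefix are assumptions made for this illustration.

```python
import re

# Report text from the message above, whitespace collapsed.
REPORT = """\
Content analysis details: (8.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.3 TO_EMPTY To: is empty
0.1 FROM_NO_LOWER From address has no lower-case characters
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.1 TO_CC_NONE No To: or Cc: header
1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1
"""
SUMMARY = re.compile(r"\(\s*(-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Za-z][A-Za-z0-9_]*)\s+(.*)$")

def parse_report(text):
    """Return (total, required, [(points, rule, description), ...])."""
    total, required, rules = None, None, []
    for line in text.splitlines():
        m = SUMMARY.search(line)
        if m:
            total, required = float(m.group(1)), float(m.group(2))
            continue
        m = RULE.match(line)
        if m:
            rules.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif rules and line.strip() and not line.lstrip().startswith("-"):
            rules[-1][2] += " " + line.strip()  # wrapped description line
    return total, required, [tuple(r) for r in rules]

def family(rule):
    # Grouping by name prefix is an assumption made for this example.
    return "bayes" if rule.startswith("BAYES_") else "sare" if rule.startswith("SARE_") else "other"

def by_family(rules):
    """Sum the listed points per family, rounded to one decimal like the report."""
    out = {}
    for pts, name, _ in rules:
        out[family(name)] = round(out.get(family(name), 0.0) + pts, 1)
    return out

if __name__ == "__main__":
    total, required, rules = parse_report(REPORT)
    fam = by_family(rules)
    print(fam, "bayes+sare enough:", fam["bayes"] + fam["sare"] >= required)
```

The listed per-rule points add up to 8.2 while the header says 8.1, so treat the header total as the reported score and the per-rule column as rounded display values.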