Increase in Spam getting through today? {Scanned by Allteks Mailsafe}

Paul Houselander housey at sme-ecom.co.uk
Wed Mar 7 15:25:03 CET 2007


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Anthony
Peacock
Sent: 07 March 2007 13:26
To: MailScanner discussion
Subject: Re: Increase in Spam getting through today? {Scanned by Allteks
Mailsafe}


Hi,

Hugo van der Kooij wrote:
> On Wed, 7 Mar 2007, Paul Houselander wrote:
>
>> Just a quick one, weve had a massive increase in spam getting through
>> today,
>> lots of stock ones, I wondered if anyone else was seeing the same?
>>
>> There scoring 0 even though they look very spammy to me.
>>
>> There defintly not timing out and im still stopping a large amount of
>> spam.
>> I cant figure out if spammers have all of a sudden got very clever at
>> bypassing spamassasin or if something is wrong with my filters!
>>
>> I use Spamassasin 3.1.7, sa-update, rules_du_jour, fuzzyocr, DCC,
>> Pyzor and
>> Razor and Bayes is enabled.
>>
>> Ive run spamassasin -t -D < message on several of the messages and DCC is
>> firing now (but only DCC), so I know Spamassasin is being run on the
>> message
>> but no other rules are being hit!
>
> Sounds like your SA database is polutted.
>
> In my experience it is wise to keep a sample set op SPAM and HAM
> messages at hand. (both just over 200 examples)
>
> Then kill your bayesian database and relearn.
>
> I find that afetr such an action filtering with SpamAssassin is much
> more accurate on all messages.

>You may be right... But I don't think there is enough evidence in the
>original problem description to warrant such a drastic action.  In my
>experience Bayes is very stable, I have never had to rebuild the
>database because it became "polluted".

>If the OP can place an example message (with full headers) on a web site
>where we can get to it, many people here will be able to run that
>message through their systems.

>Also post the output you get from running spamassassin -t -D on the
>message, someone may be able to spot where things are going wrong.


Hi

Thanks for responding. Manged to solve the problem it was a rule I recently
added (got of someone on the spamassasin mailing list) that was causing a
problem

body      __HILO_STOCKS1
/(High|Low|Curr[e3]nt|Cur(r|\r.|r[e3]nt|\.)\Price|Price)[\:\
\t]+\$[\d\ ]+?(.*)(Last|Low|Growth|High|Sale|Price)/i
body      __HILO_STOCKS2
/(hotlist|r[e3]cord|publicity|n[e3]ws|invest|incr[e3]as[e3]|[e3]xplosion|exp
lotion|pric[e3]|high|pr[e3]mium|mark[e3]t|al[e3]rt|sym[b8]ol)/i

meta      HILO_STOCKS     ( __HILO_STOCKS1 && __HILO_STOCKS2 )
describe  HILO_STOCKS     Looks like stocks scam
score     HILO_STOCKS     4.0

I ran one of the messages through it with debug enabled and saw the
following error:

[28988] dbg: rules: ran body rule SARE_MLB_Stock1 ======> got hit: "Target
price:"
Can't find Unicode property definition "r" at
/etc/mail/spamassassin/mailscanner.cf, rule __HILO_STOCKS1, line 1.

Ive removed the rule now and all is working ok, can you see whats wrong with
the rule?

Cheers

Paul






More information about the MailScanner mailing list