FW: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)

Mark Sapiro mark at msapiro.net
Tue Oct 27 16:41:26 GMT 2009 

On Mon, Oct 26, 2009 at 04:09:28PM -0600, Robert Lopez wrote:
> -----Original Message-----
> From: GIERI, GIAN "JOE"
> Sent: Monday, October 26, 2009 3:30 PM
> To: LOPEZ, ROBERT
> Subject: FW: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)
> 
>  I have been seeing emails like the one below slipping through our
> email filters. Has something changed?
> 
> Gian "Joe" Gieri
> Executive Director
> CNM - Office of Information Technology Services (ITS)
> 
> 
> -----Original Message-----
> From: Nddc Poverty Award [mailto:lottoawards at sbcglobal.net]
> Sent: Monday, October 26, 2009 2:29 PM
> Subject: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)
> 

[Message text removed]

> ----------------------------------------------------------------------------------------------------------------------------
> 
> This is an example of phishing (not targeting colleges, but pretty
> blatant) that is slipping past
> MailScanner and ScamNailer. I have attached a zip file of the copy
> that was sent to me and the
> headers of it.  The spam score appears to be "ssss".  I am surprised
> it is not higher.
> 
> I have added katamail.com to phishing.bad.sites.conf.  I think that is
> still in use after ScamNailer was added.
> 
> Julian please add it to ScanNailer bad list.


Just FYI, here are some headers from my latest MailScanner list digest

X-GPC-MailScanner-SpamVirus-Report: Sanesecurity.Junk.22901.UNOFFICIAL
X-GPC-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.251,
        required 5, BAYES_00 -0.75, HTML_MESSAGE 0.00,
        JM_SOUGHT_FRAUD_2 3.00, JM_SOUGHT_FRAUD_3 3.00,
        MS_FOUND_SPAMVIRUS 3.00, RCVD_IN_DNSWL_LOW -1.00, SPF_PASS -0.00,
        WEIRD_PORT 0.00)
X-GPC-MailScanner-SpamScore: sssssss

Sanesecurity.Junk.22901.UNOFFICIAL is a hit on some of the text in the
and results in the MS_FOUND_SPAMVIRUS 3.00 score. The JM_SOUGHT_FRAUD_*
hits are also from your message.

The sought rules come from http://wiki.apache.org/spamassassin/SoughtRules
and the Sanesecurity sigs come from http://www.sanesecurity.net/ together
with the latest 'spam virus' settings in MailScanner to give the score.

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list