FW: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)
Robert Lopez
rlopezcnm at gmail.com
Tue Oct 27 17:16:22 GMT 2009
On Tue, Oct 27, 2009 at 10:41 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On Mon, Oct 26, 2009 at 04:09:28PM -0600, Robert Lopez wrote:
>> -----Original Message-----
>> From: GIERI, GIAN "JOE"
>> Sent: Monday, October 26, 2009 3:30 PM
>> To: LOPEZ, ROBERT
>> Subject: FW: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)
>>
>> I have been seeing emails like the one below slipping through our
>> email filters. Has something changed?
>>
>> Gian "Joe" Gieri
>> Executive Director
>> CNM - Office of Information Technology Services (ITS)
>>
>>
>> -----Original Message-----
>> From: Nddc Poverty Award [mailto:lottoawards at sbcglobal.net]
>> Sent: Monday, October 26, 2009 2:29 PM
>> Subject: Re:Nddc Poverty Award (Ref No: NDDC/FGN/009/08/01/NDG)
>>
>
> [Message text removed]
>
>> ----------------------------------------------------------------------------------------------------------------------------
>>
>> This is an example of phishing (not targeting colleges, but pretty
>> blatant) that is slipping past
>> MailScanner and ScamNailer. I have attached a zip file of the copy
>> that was sent to me and the
>> headers of it. The spam score appears to be "ssss". I am surprised
>> it is not higher.
>>
>> I have added katamail.com to phishing.bad.sites.conf. I think that is
>> still in use after ScamNailer was added.
>>
>> Julian please add it to ScanNailer bad list.
>
>
> Just FYI, here are some headers from my latest MailScanner list digest
>
> X-GPC-MailScanner-SpamVirus-Report: Sanesecurity.Junk.22901.UNOFFICIAL
> X-GPC-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.251,
> required 5, BAYES_00 -0.75, HTML_MESSAGE 0.00,
> JM_SOUGHT_FRAUD_2 3.00, JM_SOUGHT_FRAUD_3 3.00,
> MS_FOUND_SPAMVIRUS 3.00, RCVD_IN_DNSWL_LOW -1.00, SPF_PASS -0.00,
> WEIRD_PORT 0.00)
> X-GPC-MailScanner-SpamScore: sssssss
>
> Sanesecurity.Junk.22901.UNOFFICIAL is a hit on some of the text in the
> and results in the MS_FOUND_SPAMVIRUS 3.00 score. The JM_SOUGHT_FRAUD_*
> hits are also from your message.
>
> The sought rules come from http://wiki.apache.org/spamassassin/SoughtRules
> and the Sanesecurity sigs come from http://www.sanesecurity.net/ together
> with the latest 'spam virus' settings in MailScanner to give the score.
>
> --
> Mark Sapiro mark at msapiro net The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
Mark,
Are you saying you use the SoughtRules with SpamAssassin and the
Sanesecurity sigs with ClamAV ? Or is there a way to use the
Sanesecutiry sigs directly with SpamAssassin?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
More information about the MailScanner
mailing list