Live scoring vs. Test scoring
Max Kipness
max at inmindlabs.com
Fri Jul 4 15:10:52 IST 2014
Good morning Guys,
I've noticed something that I'm a bit puzzled about. Today I was
testing a spam message that got through with a low score. It's one of
those with a subject as ???????? and all it had was a very large
attachment.
Well when it passed through MailScanner the first time, it received the
following score:
score=1.911
required 4.5
BAYES_50 0.80
DCC_CHECK 1.10
HTML_MESSAGE 0.00
T_OBFU_PDF_ATTACH 0.01
Not sure why the bayes was so low as bayes is pretty much 99% accurate
at this point, but the real question is that when I ran it through
SpamAssassin again, it several other rules. I understand it could hit
other databases like Pyzor and get listed after I received my copy.
However, shouldn't the TVD_FW_GRAPHIC_NAME_LONG BODY, SARE_GIF_ATTACH
and DIET_SPAM, etc have hit the first time?
Am I missing something? Overall my accuracy is really high, but just
curious about this issue.
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.3 TVD_FW_GRAPHIC_NAME_LONG BODY: Long image attachment name
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4576]
0.0 T_OBFU_PDF_ATTACH BODY: PDF attachment with generic MIME type
0.2 DIET_SPAM FULL: DIET_SPAM
1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
1.1 DCC_CHECK Detected as bulk mail by DCC
(dcc-servers.net)
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.3 DIGEST_MULTIPLE Message hits more than one network digest
check
2.2 SB_GIF_AND_NO_URIS SB_GIF_AND_NO_URIS
-1.1 AWL AWL: From: address is in the auto white-list
Thanks,
Max
More information about the MailScanner
mailing list