Your settings prevent assp from scanning the mail regulary (while
processed). Because this is (may be) wanted, assp scans the stored corpus
file to be sure, that there is no virus in the file.
You can see this - the file is scanned after disconnect.
Thomas
Von: "K Post" <[email protected]>
An: "ASSP development mailing list" <[email protected]>
Datum: 12.07.2018 18:18
Betreff: Re: [Assp-test] Spam found using ClamAV still being
delivered?
and sorry, this one was Swedish, but still.
On Thu, Jul 12, 2018 at 12:15 PM K Post <[email protected]> wrote:
I can't figure this one out.
French language message slips through bayesian and HMM because almost
everything is in English here. BUT, one of the SecureSite unofficial
clamav lists catches it. GREAT.
However, for some reason, this message was still delivered to our user.
In the log, it goes to OK mail and THEN gets scored by ClamAV. That's not
normal right?
What could I be missing on this one?
Jul-12-18 06:19:31 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] DKIM-Signature found
Jul-12-18 06:19:39 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] checking MX/A for apsis.com , chef.anpdm.com ,
chef.se
Jul-12-18 06:19:40 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] apsis.com - MX 'aspmx.l.google.com' - got IP
(209.85.201.27)
Jul-12-18 06:19:40 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] chef.anpdm.com - MX 'mx10.anpdm.com' - got IP
(91.213.250.35)
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] chef.se - MX '
chef-se.mail.protection.outlook.com' - got IP (213.199.154.106)
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] MX found: apsis.com (List-Unsubscribe) ->
aspmx.l.google.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] A record found for MX: apsis.com
(List-Unsubscribe) -> 209.85.201.27
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] MX found: chef.anpdm.com (Mail From:) ->
mx10.anpdm.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] A record found for MX: chef.anpdm.com (Mail
From:) -> 91.213.250.35
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] MX found: chef.se (Reply-To , From) ->
chef-se.mail.protection.outlook.com
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] A record found for MX: chef.se (Reply-To ,
From) -> 213.199.154.106
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] HMM-Check has given less than 6 results - using
monitoring mode only
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] Bayesian Check [scoring] - Prob: 1.00000 -
Confidence: 0.00004 => doubtful.spam - answer/query relation: 27% of 54
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] Message-Score: added 25 for Bayesian
Probability: 1.00000, total score for this message is now 25
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] info: found DKIM signature identity '@anpdm.com
'
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] [scoring] DKIM signature verified-OK - pass -
identity is: @anpdm.com - sender policy is: neutral - author policy is:
neutral
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] Message-Score: added -5 (dkimOkValencePB) for
DKIM pass, total score for this message is now 20
Jul-12-18 06:19:41 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] [Plugin] calling plugin ASSP_AFC
Jul-12-18 06:19:41 59810-00211 [MessageOK] x.x.208.208 <
[email protected]> to: [email protected] message ok [Saknar
du din chef p semestern Nominera hen till Chefgalan] ->
messages/okmail/Saknar_du_din_chef_p_semestern_Nominera_hen_till_Chefgalan--2657839.txt
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] finished message - received DATA size: 21.73
kByte - sent DATA size: 22.85 kByte
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] disconnected: session:F51B9E10 x.x.208.208 -
processing time 13 seconds
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] ClamAV: scanned 22973 bytes in file
messages/okmail/Saknar_du_din_chef_p_semestern_Nominera_hen_till_Chefgalan--2657839.txt
- FOUND SecuriteInfo.com.Spam-718.UNOFFICIAL
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] deleting spamming safelisted tuplet:
(x.x.208.0,chef.anpdm.com) age: 11s
Jul-12-18 06:19:42 59810-00211 x.x.208.208 <[email protected]>
to: [email protected] Message-Score: added 50 (vdValencePB) for virus
detected: 'SecuriteInfo.com.Spam-718.UNOFFICIAL', total score for this
message is now 70
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
