simscan doesn't seem to work with spamassassin...

Started by robbert, January 08, 2007, 05:05:57 AM


robbert

Hi there,

First of all I've got to say that I'm a rookie so any help would be great!

Test machine details:
- FreeBSD 5.4-STABLE
- perl 5.8.8 (upgraded from 5.8.6)
- Mail::Toaster 5.04 (upgraded from 4.08; this went without too many problems)

Till now my anti spam was only based on RBL filtering which works great!

I now want to enable a lot more anti spam so I installed spamassassin with razor, clamav and simscan

1) When I test my configuration with toaster_setup.pl -s filtertest the output is as expected

2) When I send myself a mail with an executable it's filtered as expected and bounced
Remote host said: 554 Your email was rejected because it contains a bad attachment:

3) When I forward a spam message to my test machine it passes.... OOPS
Let me give some details:

------------------------------
[root@knip tmp]#vi /var/qmail/control/simcontrol
:clam=yes,spam=yes,trophie=no,spam_hits=12,attach=.exe:.com:.vbs:.lnk:.scr:.wsh:.hta:.pif
------------------------------

------------------------------
Header of the received spam mail:

Received: (qmail 22430 invoked by uid 89); 8 Jan 2007 11:08:08 -0000
Received: by simscan 1.2.0 ppid: 22426, pid: 22427, t: 0.1863s
     scanners: attach: 1.2.0 clamav: 0.88.7/m:42/d:2422

I expect here something with spamassassin....
------------------------------

When I run spamassassin manually for this mail it's saying that it IS spam...

------------------------------
spamassassin -t /usr/local/vpopmail/domains/SOMEDOMAIN/kosmo/Maildir/cur/1168253764.22108.SOMEDOMAIN\,S\=12548\:2\,S

The header is rewritten:
Subject: *****SPAM***** [Fwd: nws updated]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on knip.kpsws.com
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.2 required=5.0 tests=HTML_IMAGE_ONLY_20,
        HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,RAZOR2_CF_RANGE_51_100,
        RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,URIBL_AB_SURBL,URIBL_JP_SURBL,
        URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no
        version=3.1.7

Content analysis details:   (19.2 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.6 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_MESSAGE           BODY: HTML included in message
1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: prolinor.com]
3.3 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: prolinor.com]
3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: prolinor.com]
1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: prolinor.com]
2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: prolinor.com]
3.6 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: prolinor.com]
0.5 HTML_SHORT_LINK_IMG_3  HTML is very short with a linked image



It's probably an easy mistake.... but I'm overlooking it... 
Anyone who can help me? I would appreciate it..

Regards Robbert

robbert

Ok now I'm really lost,

another round of tries...

------------
toaster_setup.pl -s simtest gives me a correct header?!

Received: (qmail 27758 invoked by uid 0); 8 Jan 2007 13:52:57 -0000
Received: by simscan 1.2.0 ppid: 27753, pid: 27754, t: 0.9933s
     scanners: attach: 1.2.0 clamav: 0.88.7/m:42/d:2423 spam: 3.1.7
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on SOMEDOMAIN
X-Spam-Level:
X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RECEIVED,NO_RELAYS
     autolearn=ham version=3.1.7
Date: 8 Jan 2007 13:52:56 -0000
------------

While a resend of the viral message still gives me no header with spamassassin :S

Received: (qmail 27789 invoked by uid 89); 8 Jan 2007 13:53:39 -0000
Received: by simscan 1.2.0 ppid: 27785, pid: 27786, t: 0.1803s
     scanners: attach: 1.2.0 clamav: 0.88.7/m:42/d:2423
Received: from unknown (HELO mail.kpsws.com) (213.189.19.79)
     by 192.168.2.5 with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jan 2007 13:53:39 -0000
Received: (qmail 2790 invoked by uid 80); 8 Jan 2007 13:50:49 -0000
------------

WHY NOT???
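The header comparison made in the posts above can be automated. The following is an added example, not part of the original thread and not Mail::Toaster or simscan code: it reads a simcontrol line, parses the folded `Received: by simscan` header of a message, and reports scanners that are enabled but did not run. The option-to-scanner name mapping is an assumption inferred from the output quoted in this thread, and the sample messages are constructed from those headers.

```python
import email
import re

# simcontrol option -> scanner name in the simscan Received header.
# Assumption: mapping inferred from the output quoted in this thread.
OPTION_TO_SCANNER = {"clam": "clamav", "spam": "spam", "attach": "attach"}
SIMCONTROL = (":clam=yes,spam=yes,trophie=no,spam_hits=12,"
              "attach=.exe:.com:.vbs:.lnk:.scr:.wsh:.hta:.pif")
# Constructed sample messages built from the headers quoted in the thread.
RELAYED = """\
Received: (qmail 27789 invoked by uid 89); 8 Jan 2007 13:53:39 -0000
Received: by simscan 1.2.0 ppid: 27785, pid: 27786, t: 0.1803s
     scanners: attach: 1.2.0 clamav: 0.88.7/m:42/d:2423
Subject: sample

body
"""
LOCAL_TEST = RELAYED.replace("d:2423\n", "d:2423 spam: 3.1.7\n")


def expected_scanners(simcontrol_line):
    """Scanners enabled by one simcontrol line ('<address>:opt=val,...')."""
    _, _, opts = simcontrol_line.strip().partition(":")
    enabled = set()
    for opt in opts.split(","):
        key, _, value = opt.partition("=")
        if key in OPTION_TO_SCANNER and value and value != "no":
            enabled.add(OPTION_TO_SCANNER[key])
    return enabled


def scanners_run(raw_message):
    """Scanner -> version from the simscan Received header, None if absent."""
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header line folding
        if unfolded.startswith("by simscan"):
            _, _, listed = unfolded.partition("scanners:")
            return dict(re.findall(r"(\w+):\s+(\S+)", listed))
    return None


def missing_scanners(simcontrol_line, raw_message):
    """Scanners that simcontrol enables but the message header does not list."""
    ran = scanners_run(raw_message) or {}
    return expected_scanners(simcontrol_line) - set(ran)


if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("local test", LOCAL_TEST)):
        print(name, "missing:", sorted(missing_scanners(SIMCONTROL, raw)))
```

A message with no simscan header at all is reported as missing every enabled scanner, which separates "simscan never ran" from "simscan ran without SpamAssassin" once `scanners_run` is checked for `None`.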

robbert

solved...

problem in ~/vpopmail/tcp.smtp

Now spamassassin is working :P

rlance

What was the problem, and what was its resolution?