cannot filter virus letters
Dmitry
vdb at mail.ru
Tue Feb 10 15:55:11 CET 2009
On Tue 10 Feb 2009, David Relson wrote:
> > This is the output of a series "bogofilter -s ; bogofilter -t"
> > commands:
> >
> > U 0.517247
> > U 0.513562
> > U 0.510004
> > U 0.507321
> >
> > What a strange result! It is the opposite of what I expect. The
> > content of this letter is commercial spam with all words concatenated
> > without spaces. Unfortunately, I can't quote this letter here because
> > of non-latin charset. When I switch back to default bogofilter.cf
> > with default values, the spammicity of this letter stay always at "U
> > 0.500000". Exhaustive training does not change anything. What can be
> > done in such situation?
>
> Indeed the result is strange. Have you tried running bogofilter with
> "-vvv" flags? That will list the tokens parsed by bogofilter along
> with their spam scores. The FAQ describes the use of "-v" flags and
> the output generated.
>
> A message can be zipped and attached to avoid latin/non-latin issues.
Yes, I tried to run `bogofilter -vvv`. A lot of common hammy tokens:
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.504048, version=1.1.7
n pgood pbad fw U
"rcvd:for" 355 0.658915 0.001561 0.004604 +
"rcvd:info" 188 0.511628 0.000705 0.005602 +
"rcvd:footbolka.ru" 206 0.255814 0.001000 0.007740 +
"rcvd:Feb" 144 0.131783 0.000734 0.011020 +
"ip:10" 173 0.093023 0.000931 0.014448 +
"head:DomainKey-Signature" 41 0.023256 0.000220 0.028183 +
"head:nofws" 41 0.023256 0.000220 0.028183 +
"head:rsa-sha1" 41 0.023256 0.000220 0.028183 +
"to:info" 4154 0.744186 0.023460 0.030747 +
"head:DKIM-Signature" 31 0.023256 0.000162 0.031696 +
"head:Windows-1251" 53 0.015504 0.000295 0.033132 +
"head:from" 24 0.038760 0.000110 0.034713 +
"head:gmail.com" 147 0.023256 0.000832 0.039732 +
"rtrn:gmail.com" 157 0.023256 0.000890 0.041702 +
"head:footbolka-info" 2244 0.286822 0.012759 0.042928 +
"ip:209" 121 0.015504 0.000688 0.048698 +
"head:content-type" 14 0.023256 0.000064 0.055879 +
"head:date" 14 0.023256 0.000064 0.055879 +
"head:received" 14 0.023256 0.000064 0.055879 +
"head:domainkey-signature" 13 0.023256 0.000058 0.059446 +
"head:gamma" 13 0.023256 0.000058 0.059446 +
"head:message-id" 13 0.023256 0.000058 0.059446 +
"head:mime-version" 13 0.023256 0.000058 0.059446 +
"head:relaxed" 13 0.023256 0.000058 0.059446 +
"head:rsa-sha256" 13 0.023256 0.000058 0.059446 +
"head:subject" 13 0.023256 0.000058 0.059446 +
"rcvd:PST" 11 0.023256 0.000046 0.068486 +
"ip:209.85" 11 0.015504 0.000052 0.069733 +
"rcvd:cipher" 11 0.015504 0.000052 0.069733 +
"rcvd:SSLv3" 10 0.015504 0.000046 0.075431 +
"rcvd:version" 10 0.015504 0.000046 0.075431 +
"rcvd:ESMTPS" 9 0.007752 0.000046 0.085338 +
"rcvd:RC4-MD5" 9 0.007752 0.000046 0.085338 +
"ip:10.100" 7 0.007752 0.000035 0.103898 +
"from:gmail.com" 468 0.023256 0.002688 0.105103 +
"rcvd:mx.google.com" 161 0.007752 0.000925 0.110885 +
"ip:83" 4109 0.116279 0.023668 0.169277 +
"rcvd:Tue" 10193 0.155039 0.058813 0.275068 +
"head:plain" 44926 0.511628 0.259347 0.336399 +
"head:charset" 53440 0.550388 0.308539 0.359223 +
"head:Content-Transfer-Encoding" 53399 0.496124 0.308343 0.383296 +
"head:bit" 49291 0.434109 0.284640 0.396030 +
"head:bit" 49291 0.434109 0.284640 0.396030 +
"head:text" 65479 0.542636 0.378146 0.410685 -
"head:X-Mailer" 140891 0.643411 0.814046 0.558540 -
"head:MIME-Version" 172213 0.697674 0.995086 0.587849 -
"head:Message-ID" 157041 0.573643 0.907465 0.612694 +
"head:X-Priority" 154549 0.310078 0.893255 0.742318 +
"head:footbolka.ru" 171639 0.333333 0.992039 0.748499 +
"head:Bat!" 28172 0.054264 0.162829 0.750046 +
"head:The" 28187 0.054264 0.162916 0.750146 +
"head:Content-Type" 0 -------- -------- 0.800000 i
"head:Date" 0 -------- -------- 0.800000 i
"head:Delivered-To" 0 -------- -------- 0.800000 i
"rcvd:HELO" 0 -------- -------- 0.800000 i
"rcvd:SMTP" 0 -------- -------- 0.800000 i
"rcvd:from" 0 -------- -------- 0.800000 i
"rcvd:invoked" 0 -------- -------- 0.800000 i
"rcvd:network" 0 -------- -------- 0.800000 i
"rcvd:qmail" 0 -------- -------- 0.800000 i
"rcvd:unknown" 0 -------- -------- 0.800000 i
"rcvd:with" 0 -------- -------- 0.800000 i
"head:Normal" 154336 0.178295 0.892122 0.833434 +
"from:austincaseypr" 6 0.000000 0.000035 0.971429 +
"head:FWJ" 6 0.000000 0.000035 0.971429 +
"head:KJcpJtNLTOtSbHh8xvpsm" 6 0.000000 0.000035 0.971429 +
"head:Kqjbv1QfqUJi" 6 0.000000 0.000035 0.971429 +
"head:LrYFq" 6 0.000000 0.000035 0.971429 +
"head:NBxPeXAG0zD" 6 0.000000 0.000035 0.971429 +
"head:PaPv3Kenj3xQjRHoc5U" 6 0.000000 0.000035 0.971429 +
"head:UPY8" 6 0.000000 0.000035 0.971429 +
"head:cb604CqK3" 6 0.000000 0.000035 0.971429 +
"head:e8A4GONoTD" 6 0.000000 0.000035 0.971429 +
"head:gZJRdBw0Z" 6 0.000000 0.000035 0.971429 +
"head:jVvEQXf3c3toT9CREnvQ9i" 6 0.000000 0.000035 0.971429 +
"head:n1y8h3KI1FORnBu" 6 0.000000 0.000035 0.971429 +
"head:rx2WIMPc6ulIGEXkplkyfHrFG" 6 0.000000 0.000035 0.971429 +
"ip:10.100.46" 6 0.000000 0.000035 0.971429 +
"ip:10.100.46.10" 6 0.000000 0.000035 0.971429 +
"ip:209.85.217" 6 0.000000 0.000035 0.971429 +
"ip:209.85.217.23" 6 0.000000 0.000035 0.971429 +
"ip:83.22.211" 6 0.000000 0.000035 0.971429 +
"ip:83.22.211.230" 6 0.000000 0.000035 0.971429 +
"rcvd:gxk4" 6 0.000000 0.000035 0.971429 +
"rcvd:mail-gx0-f23.google.com" 6 0.000000 0.000035 0.971429 +
"rtrn:austincaseypr" 6 0.000000 0.000035 0.971429 +
"to:stroytelecom.ru" 6 0.000000 0.000035 0.971429 +
"пп╟яп╦яяп╨п╬п╣яп╬яяп╣" 6 0.000000 0.000035 0.971429 +
"п║п╢п╟п╪яп╨п╩п╟п╢" 6 0.000000 0.000035 0.971429 +
"п╠п╣п╥пп║" 6 0.000000 0.000035 0.971429 +
"п╨п╪.п╬яппп" 6 0.000000 0.000035 0.971429 +
"п╬я
п╦я90п╨п╡.п╪" 6 0.000000 0.000035 0.971429 +
"яяп╠п╩п╣п╧п╥п╟1п╨п╡.п╪" 6 0.000000 0.000035 0.971429 +
"subj:яп╢п╟п╪" 7 0.000000 0.000040 0.975000 +
"п╬яп╟п©п╩п╦п╡п╟п╣п╪яп╧" 7 0.000000 0.000040 0.975000 +
"яп©яп╬яп╣п╫п╨п╟" 7 0.000000 0.000040 0.975000 +
"head:x-mailer" 8 0.000000 0.000046 0.977778 +
"head:x-priority" 8 0.000000 0.000046 0.977778 +
"head:content-transfer-encoding" 9 0.000000 0.000052 0.980000 +
"ip:83.22" 121 0.000000 0.000700 0.998361 +
"subj:яп╨п╩п╟п╢" 409 0.000000 0.002365 0.999512 +
"from:пп╡пЁп╣п╫п╦п╧" 612 0.000000 0.003538 0.999674 +
"яп╣п╩п╣я
п╬п╫п╟" 1231 0.000000 0.007117 0.999838 +
"head:v3.5" 1327 0.000000 0.007672 0.999849 +
"head:Home" 7225 0.000000 0.041770 0.999972 +
N_P_Q_S_s_x_md 101 0.000000 0.008096 0.504048
1.000000 0.800000 0.100000
Spam letter is attached.
--
Dmitry
More information about the Bogofilter
mailing list