cannot filter virus letters
Dmitry
vdb at mail.ru
Sat Jan 24 02:18:29 CET 2009
Hello!
I get a lot of messages like this:
===============
From: a at dfe013-.0
To: info at office.tld
Subject: Re: Re: approved
Date: Fri, 23 Jan 2009 17:31:11 +0300
X-Priority: 3
X-MSMail-Priority: Normal
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0,1K --]
Your document is attached.
[-- Attachment #2: application.pif --]
[-- Type: application/octet-stream, Encoding: base64, Size: 39K --]
===============
Spamicity: U 0.502212
After training with the command `bogofilter -s < virus-letter` spamicity is
still very low to be identified as spam. I repeat training with similar
letters (different subject, different document name in the attachment),
but nothing helps to stop this kind of spam.
This is the output of the command `bogofilter -vvv`:
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.519097, version=1.1.5
n pgood pbad fw U
"document" 2 0.021739 0.000065 0.007563 +
"rcvd:lovepresent.ru" 90 0.500000 0.004387 0.008798 +
"mime:attachment" 28 0.065217 0.001637 0.024797 +
"mime:application" 20 0.043478 0.001178 0.026829 +
"mime:Content-Disposition" 33 0.065217 0.001964 0.029501 +
"head:mixed" 75 0.065217 0.004714 0.067515 +
"to:info" 1164 0.673913 0.074178 0.099163 +
"head:office-info" 1434 0.739130 0.091659 0.110333 +
"ip:195" 193 0.086957 0.012374 0.124610 +
"mime:base64" 1074 0.152174 0.069857 0.314632 -
"head:Date" 14407 1.000000 0.940225 0.484596 -
"head:Delivered-To" 15320 1.000000 1.000000 0.500000 -
"head:lovepresent.ru" 15320 1.000000 1.000000 0.500000 -
"rcvd:invoked" 15320 1.000000 1.000000 0.500000 -
"rcvd:qmail" 15320 1.000000 1.000000 0.500000 -
"head:Content-Type" 15296 0.956522 0.998560 0.510751 -
"to:office.tld" 15201 0.934783 0.992405 0.514950 -
"head:MIME-Version" 15146 0.847826 0.989066 0.538445 -
"rcvd:HELO" 15302 0.826087 0.999345 0.547457 -
"rcvd:SMTP" 15302 0.826087 0.999345 0.547457 -
"rcvd:from" 15302 0.826087 0.999345 0.547457 -
"rcvd:network" 15302 0.826087 0.999345 0.547457 -
"rcvd:unknown" 15302 0.826087 0.999345 0.547457 -
"rcvd:with" 15302 0.826087 0.999345 0.547457 -
"message" 9647 0.434783 0.630287 0.591780 -
"This" 9677 0.413043 0.632316 0.604879 -
"MIME" 9608 0.347826 0.627995 0.643555 -
"mime:plain" 10433 0.369565 0.681943 0.648538 -
"mime:Content-Transfer-Encoding" 10494 0.369565 0.685937 0.649868 -
"mime:charset" 10494 0.369565 0.685937 0.649868 -
"mime:Content-Type" 10496 0.369565 0.686068 0.649911 -
"mime:text" 10497 0.369565 0.686133 0.649933 -
"head:multipart" 10839 0.369565 0.708524 0.657203 -
"format" 9606 0.326087 0.627930 0.658196 -
"multi-part" 9607 0.326087 0.627995 0.658219 -
"head:X-Priority" 14064 0.434783 0.919471 0.678950 -
"head:Normal" 14019 0.195652 0.917245 0.824195 -
"head:X-MSMail-Priority" 10745 0.130435 0.703090 0.843514 -
"rcvd:Jan" 14800 0.173913 0.968443 0.847759 -
"from:dfe013-.0" 1 0.000000 0.000065 0.991605 +
"mime:application.pif" 1 0.000000 0.000065 0.991605 +
"rtrn:dfe013-.0" 1 0.000000 0.000065 0.991605 +
"subj:approved" 1 0.000000 0.000065 0.991605 +
"ip:195.182.154" 6 0.000000 0.000393 0.998580 +
"ip:195.182.154.114" 6 0.000000 0.000393 0.998580 +
"ip:195.182" 8 0.000000 0.000524 0.998934 +
"Your" 9 0.000000 0.000589 0.999053 +
"attached" 9 0.000000 0.000589 0.999053 +
"mime:Windows-1252" 10 0.000000 0.000655 0.999147 +
"mime:octet-stream" 16 0.000000 0.001048 0.999467 +
"mime:bit" 799 0.000000 0.052311 0.999989 +
N_P_Q_S_s_x_md 21 0.000000 0.038195 0.519097
0.017800 0.520000 0.375000
--
Dmitry
More information about the Bogofilter
mailing list