Beitragvon BlackWinny » 7. Jun 2009, 22:55

Hi Michel
Hi everyone !

I've observed that the function "Words of spam" watches only in the "Subject" field. The result is that a spam like this one below as been considered as no spam :

Code: Alles auswählen
Return-Path: <Beatrice.Blackmon@fds.com>
Received: from mwinf2115.orange.fr (mwinf2115.orange.fr)
   by mwinb1208 (SMTP Server) with LMTP; Sun, 07 Jun 2009 05:26:47 +0200
X-Sieve: Server Sieve 2.2
X-Bcc: my-own-address@my-provider
Received: from smtp21.orange.fr (mwinf2116 [])
   by mwinf2115.orange.fr (SMTP Server) with ESMTP id 1581F1C0026F;
   Sun,  7 Jun 2009 05:26:47 +0200 (CEST)
Received: from me-wanadoo.net (localhost [])
   by mwinf2116.orange.fr (SMTP Server) with ESMTP id EF9C31C00098;
   Sun,  7 Jun 2009 05:26:46 +0200 (CEST)
Received: from 201-1-2-114.dsl.telesp.net.br (201-1-2-114.dsl.telesp.net.br [])
   by mwinf2116.orange.fr (SMTP Server) with SMTP id B81F41C0009F;
   Sun,  7 Jun 2009 05:26:03 +0200 (CEST)
X-ME-UUID: 20090607032605754.B81F41C0009F@mwinf2116.orange.fr
Message-ID: <DOZIOBBYPHZIKHLYXWLMR@malaysia.net>
[b]From: "* POLICY VIOLATION ! * ® Official Site" <Beatrice.Blackmon@fds.com>
Reply-To: "* POLICY VIOLATION ! * ® Official Site" <Beatrice.Blackmon@fds.com>[/b]
To: someone-else@a-provider
Subject: *** SPAM ***RE: Avez-vous de vendre du Tamiflu?
Date: Sat, 06 Jun 2009 23:26:17 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-me-spamlevel: med
X-me-spamrating: 92.949997
X-me-spamcause:  OK, (385)(1000)gggruggvucftvghtrhhoucdtuddrvdekfedrtddvucetggdotefuucfrrhhofhhilhgvmecuoffgnecuuegrihhlohhuthemuceftddtnecukffpggfkuffkuefngfcutefpvffkueetjgfgufculddufedtmdensghonhhjohhurhculddqvdehmdenvhhirghgrhgrpedishcuihhnuchsvghnuggvrhculddutddtmdenkfhnvhhishhisghlvgcufihorhgushculddukedtmd
X-Antivirus: avast! (VPS 090607-0, 07/06/2009), Inbound message
X-Antivirus-Status: Clean

So the sensible word ("* POLICY VIOLATION ! *", which is set to 100% in my profile) passed through the scan and the message has been sent to the mailer. As a result of fact I think that the best should be to scan for words also in the "sender" field (not only the address but also the identifiant)... and in the Reply-To field. Even if it introduces a little loss of time on the filter by Spamihilator.

That's a suggestion which could evolve the software for a next version, don't you think so ?

Hum... in the copy of the header above you see "* POLICY VIOLATION !*". I think it's due to a function of the engine of the forum. And precisely it's the part which is sensible ! The real string here is... "V [...] ® Official Site", which IS the part badly scanned.

V [...] beeing written without the spaces (the real word seems effectively filtered by the forum)

Kind regard !
(in France)

(Posting revised by Chactory. I have put the spam mail into code tags, because we don't want to have spam text in the forum articles. I have deleted the spam word, which is not wanted as clear text in this forum. :wink:)
Beitragvon Chactory » 7. Jun 2009, 23:40

Hi Jacques!

Thank you very much for your contribution. :) We have discussed this issue just a few days ago. You're completely right with your feature request. As far as I read the todo list (item 14) right, Michel Krämer, the program author of Spamihilator, is going to implement this into one of the next distributions of Spamihilator. 8)

Regards, Chactory
