Hi,
Sometimes I get spam that has been classified correctly in SpamAssassin as
spam, but simscan classifies it with a score different from that
processed by the spamd process. Sorry for my English, but I'll try to
explain .. :)
Here's an example:
spamd.log --> Here we see an email that was classified by the spamd
process as suspect (score 14)
2017-03-13 18:10:48.998753500 Mon Mar 13 18:10:48 2017 [23159] info:
spamd: processing message
<20170313204338.06E7118C36B4@vmi108295.contaboserver.net> for qscand:1001
2017-03-13 18:10:51.668508500 Mon Mar 13 18:10:51 2017 [23159] info:
spamd: identified spam (14.5/5.0) for qscand:1001 in 2.7 seconds, 64622
bytes.
2017-03-13 18:10:51.668685500 [23159] info: spamd: result: Y 14 -
BAYES_99,DCC_CHECK,HTML_MIME_NO_HTML_TAG,JAMEF_SUBJ_BOLETO_FATURA,JAMEF_ZIP_ATTACHED,MIME_HTML_ONLY,RDNS_NONE,TROJAN_JAMEF_ZIP,TVD_SPACE_RATIO
scantime=2.7,size=64622,user=qscand,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=57553,mid=<20170313204338.06E7118C36B4@vmi108295.contaboserver.net>,bayes=0.999667,autolearn=spam
simscan.log --> However, here we see that the same email, in the simscan
log, received 0/0
2017-03-13 18:10:51.677616500 simscan:[25948]:CLEAN
(0.00/0.00):3.8362s::213.136.86.230:financeiro@admconsultoria.com.br:user@mydomain.com
So I saved the email and executed the command simscan manually (at
command line, as below) with DEBUG option. Note that it also ranked
the same as spam, as it should be:
# env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2
/var/qmail/bin/qmail-inject user@mydomain.com < savedspam.txt
<cut>
simscan: calling /usr/bin/spamc spamc -s 1500000
simscan:[16216]:SPAM DROPPED (14.50/5.00):2.8341s:2.via
Boleto:(null):user@server.mydomain.com:user@mydomain.com
simscan: check_spam detected spam refuse message
simscan: Putting the message in quarantine:
/var/qmail/quarantine/msg.1489441975.579680.16217
simscan: Message recorded in quarantine successful
simscan: droping the message
simscan: exit error code: 0
<cut>
So I do not know where else to check for why simscan running
automatically sometimes cannot classify a spam, and manually, running
the same command manually, works fine... Strange...
I've enabled the DEBUG option in qmail-smtp.rules (SIMSCAN_DEBUG = "2"),
but I saw nothing abnormal, no error or things like ... I'm going crazy
here ...
Any tips? I really appreciate any hint!!
More information:
simscan version 1.4.0
compile options:
./configure --enable-user=abc --enable-spam=y --enable-spam-hits=5
--enable-clamav=y --enable-clamdscan=/usr/bin/clamdscan
--enable-clamavdb-path=/var/lib/clamav
--enable-workdir=/var/qmail/simscan/work/
--enable-quarantinedir=/var/qmail/simscan/quarantine/ --enable-dropmsg=y
--enable-spamc-args="-s 1500000" --enable-ripmime=/usr/bin/ripmime
--enable-attach=y --enable-per-domain=y
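
Added example, not part of the original message and not simscan or SpamAssassin code: a small Python script that pairs spamd "result: Y" verdicts with simscan CLEAN entries logged within a short window, to list every message that shows the mismatch described above. It assumes each log entry sits on one line (the excerpts above are wrapped by the mail client) and, because simscan's log line carries no Message-ID, it pairs entries by timestamp proximity only; the sample lines, addresses and Message-IDs are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the excerpts in the post (wrapped
# lines rejoined; addresses, IPs and Message-IDs are placeholders).
SPAMD_LOG = """\
2017-03-13 18:10:51.668685500 [23159] info: spamd: result: Y 14 - BAYES_99,RDNS_NONE scantime=2.7,size=64622,user=qscand,uid=1001,required_score=5.0,mid=<a@example.net>
2017-03-13 18:15:02.100000000 [23160] info: spamd: result: . 0 - HTML_MESSAGE scantime=0.9,size=2048,user=qscand,uid=1001,required_score=5.0,mid=<b@example.net>
2017-03-13 18:20:10.500000000 [23161] info: spamd: result: Y 9 - BAYES_99 scantime=1.1,size=4096,user=qscand,uid=1001,required_score=5.0,mid=<c@example.net>
"""
SIMSCAN_LOG = """\
2017-03-13 18:10:51.677616500 simscan:[25948]:CLEAN (0.00/0.00):3.8362s::192.0.2.10:sender@example.com:user@example.org
2017-03-13 18:15:02.110000000 simscan:[25950]:CLEAN (0.40/5.00):1.0021s:Hello:192.0.2.11:other@example.com:user@example.org
2017-03-13 18:20:10.510000000 simscan:[25951]:SPAM DROPPED (9.00/5.00):1.2000s:Offer:192.0.2.12:x@example.com:user@example.org
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
SPAMD_RE = re.compile(TS + r"\[\d+\] info: spamd: result: ([Y.]) (-?\d+) - .*?mid=(<[^>]*>)")
SIMSCAN_RE = re.compile(TS + r"simscan:\[(\d+)\]:([A-Z ]+?) \((-?[\d.]+)/(-?[\d.]+)\):")


def parse_ts(text):
    # The logs carry nanoseconds; strptime's %f accepts at most microseconds.
    return datetime.strptime(text[:26], "%Y-%m-%d %H:%M:%S.%f")


def find_mismatches(spamd_text, simscan_text, window=timedelta(seconds=2)):
    """Return simscan CLEAN entries logged just after a spamd spam verdict."""
    spam = [(parse_ts(m[1]), int(m[3]), m[4])
            for m in SPAMD_RE.finditer(spamd_text) if m[2] == "Y"]
    hits = []
    for m in SIMSCAN_RE.finditer(simscan_text):
        if m[3] != "CLEAN":
            continue
        logged = parse_ts(m[1])
        for when, score, mid in spam:
            # Assumption: simscan writes its line right after spamd answers,
            # so proximity in time stands in for the missing Message-ID.
            if timedelta(0) <= logged - when <= window:
                hits.append((mid, score, float(m[4]), float(m[5]), int(m[2])))
    return hits


if __name__ == "__main__":
    for mid, spamd_score, sim_score, sim_required, pid in find_mismatches(SPAMD_LOG, SIMSCAN_LOG):
        print(f"{mid}: spamd={spamd_score} simscan[{pid}]={sim_score}/{sim_required}")
```

On a busy server several messages can fall inside the same window, so treat each pairing as a candidate to confirm against the simscan PID's debug output.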