antispamsniper.com Forum Index antispamsniper.com
The reliable anti-spam protection
 
 FAQFAQ   SearchSearch     ProfileProfile   Log inLog in   RegisterRegister 

Certain Spam slipping through the filter(DHL Tracking Numbr)

 
Post new topic   Reply to topic    antispamsniper.com Forum Index -> AntispamSniper for TheBat!
View previous topic :: View next topic  
Author Message
eMWu



Joined: 18 Sep 2009
Posts: 2

PostPosted: Fri Sep 18, 2009 8:48 am    Post subject: Certain Spam slipping through the filter(DHL Tracking Numbr) Reply with quote

For half a year now I've been noticing certain Spam not filtered by AntiSpamSniper. Using Bat 4.2.10.1 Home and ASS 3.2.1.1 (that abbreviation could get filtered Razz )
The messages look like this:
img19.imageshack.us/img19/3967/spamv.png
Here are 2 examples with headers:
Quote:
From songhai@resorthoppa.com Thu Sep 17 15:38:04 2009
Return-Path: <songhai@resorthoppa.com>
X-Original-To: XXXXXXXXXXXX
Delivered-To: XXXXXXXXXXXXX
Received: from XXXXXXXX (unknown [127.0.0.1])
by XXXXXXXXXXX (Postfix) with ESMTP id 9B4FCB000E4
for <XXXXXXXXXXXXXXXX>; Thu, 17 Sep 2009 20:38:04 +0000 (UTC)
Received: by XXXXXXXXXX (Postfix, from userid 110)
id 79E6CB000E6; Thu, 17 Sep 2009 20:38:04 +0000 (UTC)
X-Original-To: XXXXXXXXXXX
Delivered-To: XXXXXXXXX
Received: from XXXXXXXXX (unknown [127.0.0.1])
by XXXXXXXXX (Postfix) with ESMTP id C2D5CB000E4
for XXXXXXXXXX; Thu, 17 Sep 2009 20:38:00 +0000 (UTC)
Received: from 64-207-88-55.ppp-static.cust.door.net (unknown [64.207.88.55])
by XXXXXXXXXX (Postfix) with ESMTP
for <XXXXXXXXXX>; Thu, 17 Sep 2009 20:37:57 +0000 (UTC)
Received: from 64.207.88.55 by exchange.resorthoppa.com; Thu, 17 Sep 2009 15:36:10 -0600
Message-ID: <000d01ca37d6$7de43fc0$6400a8c0@songhai>
From: "DHL Express Services" <services@dhl-express.com>
To: <XXXXXXXXXXXXX>
Subject: DHL tracking number 9OSBEELJ
Date: Thu, 17 Sep 2009 15:36:10 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01CA37D6.7DE43FC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3338.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3338.1

Hello!

We failed to deliver the package you have sent on the 24th of July in time
because the recipient’s address is wrong.
Please print out the invoice copy attached and collect the package at our office.

DHL Express Services.


Quote:
From drenchfd48@skribbles.com Thu Aug 6 12:49:01 2009
Return-Path: <drenchfd48@skribbles.com>
X-Original-To: XXXXXXXXXXX
Delivered-To: XXXXXXXXXX
Received: from XXXXXXXXXX (unknown [127.0.0.1])
by XXXXXXXXXX (Postfix) with ESMTP id 0E4F3B0008D
for <XXXXXXXXXX>; Thu, 6 Aug 2009 17:49:01 +0000 (UTC)
Received: by XXXXXXXXXX (Postfix, from userid 110)
id 02807B00097; Thu, 6 Aug 2009 17:49:01 +0000 (UTC)
X-Original-To: XXXXXXXXXX
Delivered-To: XXXXXXXXXX
Received: from XXXXXXXXXX(unknown [127.0.0.1])
by pXXXXXXXXXX (Postfix) with ESMTP id 40134B0008D
for <XXXXXXXXXX>; Thu, 6 Aug 2009 17:48:56 +0000 (UTC)
Received: from c227121.adsl.hansenet.de (unknown [213.39.227.121])
by XXXXXXXXXX (Postfix) with ESMTP
for <XXXXXXXXXX>; Thu, 6 Aug 2009 17:48:55 +0000 (UTC)
Received: from 213.39.227.121 by mail.skribbles.com; Thu, 6 Aug 2009 22:17:51 +0430
Message-ID: <000d01ca16be$04f2aa90$6400a8c0@drenchfd48>
From: "Jessie Culver" <drenchfd48@skribbles.com>
To: <XXXXXXXXXX>
Subject: UPS Tracking Number 0I7PKL2
Date: Thu, 6 Aug 2009 22:17:51 +0430
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01CA16BE.04F2AA90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Antivirus: avast! (VPS 090806-0, 06.08.2009), Outbound message
X-Antivirus-Status: Clean

Hello!

We failed to deliver the package sent on the 13th of July in time
because the recipient’s address is erroneous.
Please print out the invoice copy attached and collect the package at our department.

Your United Parcel Service of America

(the XXXXXXXXXX were added my me for privacy)

Each of them contain 20 to 50kB zip file with an exe inside.

Other than that ASS works fine, filtering plenty of spam, so I'm wondering why these messages aren't filtered.
Back to top
View user's profile Send private message
vetaltm
Author


Joined: 05 Feb 2006
Posts: 661

PostPosted: Fri Sep 18, 2009 12:36 pm    Post subject: Reply with quote

By default the plug-in has "zip" in the list of exceptions (Filtering | Exceptions | File types), and doesn't filter the messages with zip attachments. To avoid filtering mistakes remove this extension from list.
Back to top
View user's profile Send private message Send e-mail
eMWu



Joined: 18 Sep 2009
Posts: 2

PostPosted: Fri Sep 18, 2009 7:18 pm    Post subject: Reply with quote

Embarassed I feel stupid now.
Thanks for the info!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    antispamsniper.com Forum Index -> AntispamSniper for TheBat! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group