Spam delivered although it should be discarded

[Cedric Knight]

On 26/02/13 09:19, Nikolaos Milas wrote:
>    $final_virus_destiny = D_DISCARD;

> So, I would expect the message with the following headers to be
> discarded, but it was delivered:

> X-Spam-Status: Yes, score=7.287 tagged_above=-999 required=6.31
>     tests=[AV:Doppelstern.Scam4.4628.UNOFFICIAL=5, DKIM_SIGNED=0.1,

> Can someone please explain why this mail was delivered and how should I
> avoid delivering spam? (Normally, I have it quarantined.)

What's your value of $sa_kill_level_deflt ?

In Debian default at least, a score of 7.287 reaches
$sa_tag2_level_deflt (4.0) so gets marked, but not $sa_kill_level_deflt
(10.0), so it won't get discarded (unless you do it later based on the
X-Spam headers, for example in procmail).

I'd suggest adding some SpamAssassin rules that catch it better.  Maybe try
* updating SpamAssassin;
* sa-update;
* check the SpamAssassin users list;
* see if ADVANCE_FEE_2_NEW rules are hitting anything;
* add your own scam rules;
* increase the value for Doppelstern.Scam4 in
@virus_name_to_spam_score_maps; or
* add more signatures in clamav-unofficial-updates.

Hope that helps

C