Rule Group Result Codes
Blacklisted Received [ip]
No patterns matched but GBUdb (IP reputation) statistics place this source IP in the "black" range. Virtually all messages from this source match spam or malware pattern rules. One or more of the Received IPs may match blacklist rules.
|Obfuscation Techniques||062||Patterns for obfuscation techniques.|
|Experimental Abstract||061||Abstract patterns for spam structures.|
|Ungrouped Black Rules||060||Rules that have not yet been categorized or that don't fit in a category.|
|Casinos & Gambling||059||Casino & Gaming / Sportsbook domains/links/promos.|
|Debt & Credit||058||Refinance, Get out of debt and credit offers.|
|Get Rich||057||Business opportunities, work at home offers, mlm, get rich on eBay, etc.|
|Ink & Toner||056||Ink, toner, printing supplies|
|Malware, Viruses, Attacks||055||The message contains potentially dangerous message content or known virii.
NOTE: This rule group is not designed for use as a (file based) virus scanner! The rules in this group do contain some signatures for known malware, however the majority of the rules in this group will trigger on combinations of content and message structures that detect malware even if there are no file signatures present. This system usually detects threats much sooner than conventional virus scanners but it is designed only for use in the context of scanning email.
|Porn/Adult||054||Pornography, Dating, 'organ' augmentation.|
|Scam Patterns||053||Scam patterns - Nigerian and variants + others such as fake eBay account verification requests.|
|Snake Oil||052||Online pharmacies, hgh, viagra, weight loss, no prescription needed.|
|Spamware||051||Email marketing services, bullet proof hosting, email databases.|
|Media Theft||050||Cable/Sattelite descramblers, copy any DVD, 'warez'.|
|Antivirus Push||049||Norton System Works and/or McAfee push spam + variations on the them|
|Insurance||048||All kinds of insurance quotes & spam.|
|Travel||047||All kinds of travel / vacation spam.|
|GBUdb Caution (suspicious)||040||No patterns matched, but GBUdb found the IP in the Caution range. There is a high (but not certain) expectation of spam from this IP. Most frequently this result indicates new spam coming from a relatively new spam-bot.|
|GBUdb Truncate (superblack)||020||GBUdb found the IP in the Truncate range. The pattern scan was terminated to save resources. The statistics indicate that it is virtually certain any messages coming from this IP are spam or malware.|
|Standard White Rules||000||Known legit content that _might_ be caught by other filters. In particular these rules counter for grey hosting rules or other rules that might be too broad. Since this is the "CORE" white rule set it must only contain rules that would be generally applicable to the entire subscriber base. Local white rules must go into local rule bases.|