spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <>
Subject PHP eval()'d code
Date Thu, 26 May 2016 18:50:15 GMT

I noticed that Bayes is picking-up on very strong tokens from "eval" and
"code" in headers like this:

   X-PHP-Originating-Script: 1013:global.php(1938) : eval()'d code

The "eval()'d code" part is in just over 2% of my spam, but it's
never occurred in a single ham in my corpus. 

The spams seem to be coming from exploited web-servers, and I'm
wondering if it might be a symptom of the exploit.

View raw message