Understanding the X-MessageSniffer-Scan-Result header when using Message Sniffer from the command line in Smartermail
When using Message Sniffer from the command line in Smartermail, a lot of people become confused by what they see in an email's headers. In the example header snip below, a lot of people mistake the Message Sniffer group scan result code for the score that Message Sniffer gives the message if triggered...
X-MessageSniffer-Scan-Result: 53
The number 53 that you see is not a score. It is a group scan result code. If you recall when you first set up Message Sniffer in Smartermail, you copied the entries that were in the snf-groups.cf provided by Arm Research and added them to your SpamAssassin local.cf file. The entries you added looked like this...
score SNF_SCAM 5
describe SNF_SCAM Phishing, 419, and other scam patterns
header SNF_SCAM X-MessageSniffer-Scan-Result =~ /53/
As you can see, the score for the SNF_SCAM test (scan result 53) is 5. That means that if a message triggers on the SNF_SCAM test, a score of 5 will be given, not 53.