MBF Knowledge Base

Understanding the X-MessageSniffer-Scan-Result header when using Message Sniffer from the command line in Smartermail

When using Message Sniffer from the command line in Smartermail, a lot of people become confused by what they see in an email's headers. In the example header snip below, a lot of people mistake the Message Sniffer group scan result code for the score that Message Sniffer gives the message if triggered...

X-MessageSniffer-Scan-Result: 53

The number 53 that you see is not a score. It is a group scan result code. If you recall when you first set up Message Sniffer in Smartermail, you copied the entries that were in the snf-groups.cf provided by Arm Research and added them to your SpamAssassin local.cf file. The entries you added looked like this...

score     SNF_SCAM           5
describe SNF_SCAM           Phishing, 419, and other scam patterns
header   SNF_SCAM           X-MessageSniffer-Scan-Result =~ /53/

As you can see, the score for the SNF_SCAM test (scan result 53) is 5. That means that if a message triggers on the SNF_SCAM test, a score of 5 will be given, not 53.