I don't think so, I believe it is looking for patterns in a message as spam indicators. And just using the virus engine to quarantine it. Although I am not 100% sure about this, there would be no harm in commenting out SKIPEXT JPG
David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, October 12, 2006 4:37 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] picture spam

David,

Normally I SKIPEXT JPG in virus.cfg. Would I have to remove that line to use this?

----- Original Message -----
From: "David Barker" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, October 12, 2006 2:27 PM
Subject: RE: [Declude.JunkMail] picture spam

> Hey guys, here is another option to consider, using ClamAV
> http://www.msrbl.com/site/msrblimagesdownload
>
> David Barker
> Director of Product Development
> Your Email security is our business
> 978.499.2933 office
> 978.988.1311 fax
> [EMAIL PROTECTED]
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
> Sent: Thursday, October 12, 2006 3:19 PM
> To: [email protected]
> Subject: Re: [Declude.JunkMail] picture spam
>
> Let me jump in here for a moment.
>
> Chris, CommTouch has a very high false positive rate (around 2% based
> on what I saw, but those aren't my numbers), and for those of us with
> very tight systems (we achieve over 99.85% block rates on all but a
> few domains, based on manual review and not assumptions), and have no
> real issues with image spam because we have sufficient filtering set
> up to tag this stuff reliably, adding CommTouch would not be a
> positive for our system. I and most others in my position do use
> Sniffer however, and it tags more spam and has fewer false positives
> than what some tests have shown with CommTouch. Custom filters and
> even ClamAV can stop this stuff with a lot of ease. Pre-scanning
> gateways with greylisting and tarpitting decimate most zombies with
> as near to a 100% accuracy rate as you can get. I haven't had an
> image spam reported to me in months.
>
> CommTouch is probably a fine solution for those that have no interest
> in administrating a system and who don't care much about the false
> positives on bulk mail. For those of us that generate revenue
> directly from E-mail services, we not only don't have the option to
> use it, but we would also be wise to weight it low if we did,
> especially since the FP issues between various tests do compound and
> it is difficult to manage FP's...much more difficult than it is to
> manage spam blocking.
>
> Scott Fisher posted his method for adding points to image spam, and
> if implemented properly, this is very effective on a plain vanilla
> Declude install and won't have a large false positive issue. So if
> you want an opinion from someone that has been dealing with this for
> years and has found success, the proper answer to image spam is to
> use a prescanning gateway with selective greylisting and tarpitting,
> and filter for the technical heuristics associated with image spam
> using the tools available within Declude, and add Sniffer because it
> is the best content scanning tool available.
>
> You guys should have made a deal with Pete instead of CommTouch.
> Sniffer blows it out of the water and he has no licensing
> restrictions. IMO of course.
>
> Matt
>
> chris wrote:
>
> The option is there, let's not kid ourselves, for you the issue is
> cost, I can understand that..
>
> Chris
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Thursday, October 12, 2006 1:16 PM
> To: [email protected]
> Subject: RE: [Declude.JunkMail] picture spam
>
> Chris, you need to learn what your company is doing.
>
> As a hosting service provider, I am specifically prevented from using
> CommTouch unless I want to spend several thousand dollars using the
> Declude gateway product.
>
> $195 is quite acceptable if I was allowed to pay it.
>
> Sorry to burst your bubble but I am not being allowed the option to
> implement or not.
>
> John T
> eServices For You
> "Seek, and ye shall find!"
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chris
> Sent: Thursday, October 12, 2006 7:11 AM
> To: [email protected]
> Subject: RE: [Declude.JunkMail] picture spam
>
> A one time cost of 195.00 is not a large portion of your revenue and
> it is your option to not implement this or not.
>
> Chris
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
> Sent: Thursday, October 12, 2006 9:57 AM
> To: [email protected]
> Subject: RE: [Declude.JunkMail] picture spam
>
> ...and give a large part of our revenue to Commtouch?
>
> Provide a feasible way to justify the additional costs for our
> existing customers and service contracts!
>
> THEN we could talk about Commtouch.
>
> BTW: even if it's hard work to maintain a reliable spam filter it's
> not an impossible thing. Years of contribution from our own
> researches, creation of text filters, publication of new spam and
> filter signs, development of - in declude long time and still
> missing - additional external tests allowed and still allows us to
> have reliable filters and no image spam in my inbox. The question is
> why Declude has become a competitor of our work from what it was some
> years ago: an excellent tool for us admins to do our own hard work.
>
> Looking at your pricing I can see anywhere limitations based on
> users. What if I have a single gatewayed domain?
>
> Markus
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chris
> Sent: Thursday, October 12, 2006 3:15 PM
> To: [email protected]
> Subject: RE: [Declude.JunkMail] picture spam
>
> Guys, Commtouch hasn't missed any, stop making things hard on
> yourselves...
>
> Chris
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
> Sent: Wednesday, October 11, 2006 5:17 PM
> To: [email protected]
> Subject: Re: [Declude.JunkMail] picture spam
>
> Sorbs-DUL and NJABL Dynablock look to be the best. Although they miss
> lots.
>
> 5-10's has been discontinued.
>
> ----- Original Message -----
> From: Dave Marchette <mailto:[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Wednesday, October 11, 2006 3:53 PM
> Subject: RE: [Declude.JunkMail] picture spam
>
> Thanks all for the various suggestions. Agreed- combo is the way to
> use that test, for sure. A bit OT, but what is the popular and
> accurate DUL database these days? How accurate is fiveten at DUL
> lookups?
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
> Sent: Wednesday, October 11, 2006 12:49 PM
> To: [email protected]
> Subject: Re: [Declude.JunkMail] picture spam
>
> I combo the graphics hit (jpg, gif or png) with:
>
> 1. bad DNS - None or timeout
> 2. bad language (eastern European iso-8859-2) or Cyrillic (koi8-r or
>    iso-8859-5), etc
> 3. cmdspace
> 4. good DUL IP lists/tests
> 5. having forged your local domain.
>
> I still get 5-10 a day. It is a pain.
>
> ----- Original Message -----
> From: Dave Marchette <mailto:[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Wednesday, October 11, 2006 12:08 PM
> Subject: [Declude.JunkMail] picture spam
>
> Has anyone figured out a reasonable way to use Declude to minimize
> picture spam? Sniffer is missing most. They are sent from fresh
> hosts, so RBL's don't catch them, and there is no target, so INVuribl
> misses them as well. Associates of ours are using Barracuda to stop
> most successfully, so it is at least possible. Ideas are welcomed.
>
> Dave
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.
> To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
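
Added example, not part of the thread and not Declude configuration: a Python version of the combination approach Scott Fisher lists above, where an image attachment only adds weight when it coincides with other indicators. The weights, the `session` dictionary (facts learned at SMTP time, such as DNS and DUL results) and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr

IMAGE_TYPES = {"image/jpeg", "image/gif", "image/png"}
SUSPECT_CHARSETS = {"iso-8859-2", "koi8-r", "iso-8859-5"}
# Hypothetical weights, not taken from the thread; tune against your own mail.
WEIGHTS = {"bad_dns": 3, "bad_language": 3, "cmdspace": 4, "dul": 4, "forged_local": 5}

def combo_score(raw, session, local_domains):
    """Return (score, hits). Indicators count only when an image part is present."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    if not any(p.get_content_type() in IMAGE_TYPES for p in parts):
        return 0, []
    charsets = {p.get_content_charset() for p in parts}
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    checks = {
        "bad_dns": session.get("dns") is None,  # lookup gave none or timed out
        "bad_language": bool(charsets & SUSPECT_CHARSETS),
        "cmdspace": session.get("cmdspace", False),
        "dul": session.get("on_dul", False),
        # Local From domain on mail that arrived unauthenticated from outside.
        "forged_local": sender_domain in local_domains
        and not session.get("authenticated", False),
    }
    hits = sorted(name for name, hit in checks.items() if hit)
    return sum(WEIGHTS[h] for h in hits), hits

# Constructed sample message: koi8-r text part plus a GIF attachment.
SAMPLE = (
    b"From: Accounts <billing@example.test>\r\n"
    b"To: user@example.test\r\n"
    b"Subject: report\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b'Content-Type: text/plain; charset="koi8-r"\r\n'
    b"\r\n"
    b"see picture\r\n"
    b"--b1\r\n"
    b'Content-Type: image/gif; name="a.gif"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"R0lGODlhAQABAAAAACw=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    zombie = {"dns": None, "on_dul": True, "cmdspace": False, "authenticated": False}
    print(combo_score(SAMPLE, zombie, {"example.test"}))
```

A message with no image part scores zero regardless of the other indicators, which is what keeps the false positive cost of each individual test low.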
