On Fri, Jan 30, 2004 at 01:10:52PM -0500, Bob George wrote:
> While I like to think they're slaving away trying to come up with
> stuff that's almost-but-not-completely-totally-unlike-spam
> manually, I suspect it's automated by now.
It must be; yesterday I got a spam, where every word
*including*
On Tue, Jan 27, 2004 at 11:56:45AM -0800, Gary Funck wrote:
>
> Attached is a perl script, expand_regex.pl, which will accept
> an SA rules file on standard input and will by default output
> the expansions of those rules, taking into account regex
> factoring due to parentheses. When invoked with
On Thu, Jan 22, 2004 at 09:53:23AM -0600, Jack L. Stone wrote:
> Theo and/or anyone -- please help if you know the answer. I would like to
> keep using this function now disabled.
>
> BTW: here are a few of the errors that appeared every few mins:
> Jan 22 04:59:54 sage-american /kernel: pid 810 (
This answer does NOT really relate to bayes!
But nevertheless to a typical 'out of memory'.
On Tue, Jan 20, 2004 at 01:43:30PM +0100, Daniele Nicolodi wrote:
> I have also tryed to upgrade to sa 2.62 and convert the old db format to
> the new one but sa fill all my memory, and conseguently is kill
Hi!
Does somebody have/know a rule to catch 'unnecessary encodings'?
I saw a mail with the following subject:
ENCODED: Subject: =?ISO-8859-1?B?RG8geW91cnNlbGYgYSBmYXZvciEgTG9vayBhdCB0aGlz?=
REAL:Subject: Do yourself a favor! Look at this
As there isn't any 'non standard ascii' in the text
On Wed, Jan 14, 2004 at 10:39:15AM -0800, Andreas Stollar wrote:
> Seems like any attachment, especially a binary such as a pdf would go over
> the maximum size to be scanned by SA. This must have been one tiny pdf, or
> you have set your SA instance to scan messages over the max size (default
> 25
On Tue, Jan 13, 2004 at 08:36:56PM -0500, Tim B wrote:
> Excellent News!
> Chris Santerre wrote:
...
> > Tripwire has taken OBFU to the next level! It searches for 3
> >characters that shouldn't be together. This is based on the English
> >language.
Well, it might be very useful, but has someb
Hi!
I just found a perfectly legitimate E-Mail
which neighter contained Spam-Text nor any html
in my Spambox, hit by two 'ofsucation checks'.
One I had generated with https://sandgnat.com/cmos/cmos.jsp
in response to the ever increasing use of the Word 'curn',
the other checks for 'too long or sh
To throw oil into the flames:
On Wed, Dec 03, 2003 at 08:10:17PM -0500, Carl R. Friend wrote:
>"Why are we hiding from the police, daddy?"
>
>"Because we use vi, son, and they use emacs."
Why not use 'vim' (multi window / multi file / macrolanguage / ... )
All luxuries included, and no n
Hi
I just got a spam message which fakes two links 'into yahoo.com'
by using an unrestricted redirector on a yahoo webserver.
I think I have seen those a while ago.
Did somebody create/collect 'uri-rules' for known redirectors
which can be abused this way?
I created the following rule for them
On Wed, Nov 05, 2003 at 09:41:05AM +0100, me& wrote:
> When I check out the 'source' of the mail I can see this :
>
> From: [EMAIL PROTECTED]
> Bcc:
> Date: Wed, 05 Nov 2003 09:26:41 +0100
>
> >From [EMAIL PROTECTED] Wed Nov 5 09:26:41 2003
> the rest of all the headers and the actual mail
On Fri, Oct 17, 2003 at 01:36:30PM -0400, Jack Gostl wrote:
> ... I ran out of space in the file system while doing an
> sa-learn, and that was that.
I got rid of that by creating a cronjob which does
the sa-learn often enough to let the journal grow
only for a while. So it no more flooded the d
On Fri, Oct 10, 2003 at 04:56:56PM -0400, Larry Gilson wrote:
> As an > example, an exact count would be matched if I omit the comma.
> /\w{5}/ will match exactly five word characters.
Definitely yes.
> Now if I modify that as /\w{5}?/, I believe that means zero or
> one occurance of five word cha
On Mon, Oct 06, 2003 at 06:29:17PM -0300, Eduardo Gargiulo wrote:
> QMAILQUEUE="/usr/local/bin/spamassassin -P" export QMAILQUEUE
...
> but the messages are not delivered. The logs says "unable to exec qq".
Is eem to remember, that the QMAILQUEUE-Variable does not
contain a program's 'call' but ON
On Tue, Sep 23, 2003 at 07:16:47AM -0500, Philip Mak wrote:
...
> Unfortunately, sometimes one of these virus e-mails passes through a
> virus-stripping SMTP that removes the virused attachment, leaving the
> rest of the (junk) message. These messages end up passing through the
> ClamAV filter sinc
On Thu, Sep 18, 2003 at 05:47:36PM -0700, Robert Menschel wrote:
...
> something they want to teach SA about, they simply move or copy the email
> to that webmail folder. I then have a cron job which scans these folders
> once an hour, and feeds any non-empty folders into sa-learn.
Isnt't this a
So may be something like this hit us too...
On Fri, Sep 12, 2003 at 02:57:14PM -0400, Scott Lambert wrote:
> If spamc can't connect to spamd, (all slots full on the spamd server),
> it just passes the message through. If spamd dies while running under
> something like DJB's daemontools, one to se
On Fri, Jul 25, 2003 at 04:41:54PM -0400, Daniel Carrera wrote:
> -BEGIN PGP SIGNED MESSAGE-
> body MY_CONSONANT_4 /[^aeiou]{4}/
> describe MY_CONSONANT_4 Body contains 4 consecutive consonants.
> score MY_CONSONANT_4 0.15
The pattern might be dangerous for french, chinese,
or
On Thu, Jul 10, 2003 at 01:54:07PM -0400, Matt Kettler wrote:
> body LOCAL_SHOCKING_PHOTOS /\bsh(?:0|o)c(?:1|i)ng ph(?:0|o)t(?:0|o)(?:s|z)/i
Did I miss something in the docs?
I'd have written this (witch char classes) as:
body LOCAL_SHOCKING_PHOTOS /\bsh[0o]ck[1i]ng ph[0o]t[0o][sz]/i
(by the wa
On Sat, Jun 28, 2003 at 04:29:37PM -0600, Benjamin A. Shelton wrote:
> That's exactly what I was concerned about, Tony: Where does it stop?
The real poblem will be: 'it never stops'. As long as people do
react irrationally on rational Questions and as long as the
'what I avoid to see can't anger
On Thu, Jun 12, 2003 at 09:50:38AM -0500, Mike Scheidler wrote:
> (gone for over 4 years) is most likely spam. The second rule assumes that
> mail addressed to people who have been gone from the company for years is
> spam. Even though their accounts no longer exist, this rule flags those
> multi
21 matches
Mail list logo
