RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-31 Thread Christopher X. Candreva
On Wed, 28 Jan 2004 [EMAIL PROTECTED] wrote: > How is the resource usage with clamav? I'm tempted to install it, but > the cpus on that server are already pretty stressed just dealing with > spamc (I already offloaded spamd to another box) and everything else it > has to do, and am hesitant to

[SAtalk] antidrug.cf triggering on SCO virus

2004-01-27 Thread Christopher X. Candreva
I'm seeing something strange. There is a (known, being worked on) problem with clam where bounces of the SCO virus do get through. However, they ARE being stopped by Spam Assassin based on DCC, Razor, and the antidrug.cf from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf I unfortunately

Re: [SAtalk] W32.Novarg.A@mm virus

2004-01-27 Thread Christopher X. Candreva
On Tue, 27 Jan 2004, Richard Beyer wrote: > Could someone help me cobble together a rule quickly to counteract the > attachments it's using. Something to catch test.zip, readme.zip and > body.zip (the most common ones it appears to be using at the moment). I suggest simply installing clamav and

[SAtalk] Before I submit a feature request to Buzailla . . .

2004-01-26 Thread Christopher X. Candreva
I wanted to check that I wasn't missing something obvious. 1) Could sa-learn --mbox be made to ignore the fake message pine and UW imap adds to mailboxes, or is there already a way to do that ? 2) Currently to process an entire mbox file via spamassassin -r , I use formail -s spamassassin -r htt

Re: [SAtalk] DCC, pyzor, razor

2004-01-22 Thread Christopher X. Candreva
On Thu, 22 Jan 2004, David Roback wrote: > We are currently using SA without DCC, pyzor or razor and have a > detection rate of about 75-90% (but getting slightly better as we feed > bayes). > > What improvement could we expect by implementing one (or all) of the above? With DCC & razor you would

Re: [SAtalk] More obfuscation

2004-01-20 Thread Christopher X. Candreva
On Tue, 20 Jan 2004, Marcus Frischherz wrote: > But there is: there exists (at least in PHP) a function called > levenshtein, which calculates the similarity between two words. Surely > there must exist a perl equivalent to it. see: > http://at.php.net/manual/en/function.levenshtein.php I wonder

Re: [SAtalk] More obfuscation

2004-01-20 Thread Christopher X. Candreva
On Tue, 20 Jan 2004, Charles Gregory wrote: > > I'm starting to see mail with TEXT obfuscation, such as: >I heard you need viagrPa. > Note the capital P thrown in to our favorite 'v' word. I was just about to post another one I received, same deal: http://www.westnet.com/~chris/Spam0120

Re: [SAtalk] One that got through

2004-01-20 Thread Christopher X. Candreva
On Tue, 20 Jan 2004, Jonathan Nichols wrote: > http://www.pbp.net/~jnichols/spam.txt That's really odd, here it tripped a DATE_IN_PAST rule. Here's the report: Content analysis details: (12.4 points, 5.0 required) pts rule name description -- --

Re: [SAtalk] V-drug spam gets *0* hits on SA 2.55

2004-01-20 Thread Christopher X. Candreva
On Tue, 20 Jan 2004, Scott A Crosby wrote: > Read it and weep. :( This looks very similar to the one I posted about yesterday. See this mbox: http://www.westnet.com/~chris/Spam0118 == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 W

[SAtalk] Three that got through yesterday

2004-01-19 Thread Christopher X. Candreva
Three spam got through SA yesterday. What's odd is all three were plain text and had what looked to be like obvious trigger words, but none triggered a specific content rule. I think they've managed to jiggle the order of the words just right. I've placed an mbox file with all three at http://w

Re: [SAtalk] I got him! The G.bush vdrug spammer is mine! ahahahahahha

2004-01-15 Thread Christopher X. Candreva
On Thu, 15 Jan 2004, Chris Santerre wrote: > Success! You know that spam with the ever changing domains? The one with the > George Bush look alike doctor that is selling 6 kinds of Mr. Wiggly > enhancing drugs? Well I finally got it right and tested! Actually not. Maybe you could provide an examp

Re: [SAtalk] Habeas violator list

2004-01-15 Thread Christopher X. Candreva
On Thu, 15 Jan 2004, Brad Hazledine wrote: > I originally removed the -8 score for habeas but then I reinserted it. > > I am, however, still receiving tons of spam with the fake marks. Just checked my probably-spam folder for today. I have two spams with fake Habeas -- but they STILL scored aroun

Re: [SAtalk] Abused REDIRECTOR URL

2004-01-09 Thread Christopher X. Candreva
On Fri, 9 Jan 2004, Bill Larson wrote: > http://g.msn.com/1SUenus/CT?http://www.2026.com/F/index.html The SF archives for the list seem to be down at the moment, I just got a sourceforge error. Can someone post a link to a rule for the g.msn redirector ? =

Re: [SAtalk] Re: False positives

2003-12-30 Thread Christopher X. Candreva
> > Start SpamAssassin results > > 7.10 points, 5.5 required; > > > * 3.0 -- BODY: Bayesian classifier says spam probability is 99 to 100% > > [score: 0.9988] Also -- isn't a 3.0 for 99-100% indicative of an OLD version of SpamAssassin ? ===

RE: [SAtalk] False positives

2003-12-29 Thread Christopher X. Candreva
On Sun, 28 Dec 2003, schafer wrote: > > > > People have no incentive to help > > rude people Stop being a jerk and you'll likely get more help. > > I did not know spamassassin is home-brew. I thought I was dealing with > one of dozens of commercial outfits, and who in my experience respond much >

Re: [SAtalk] False positives (fwd)

2003-12-28 Thread Christopher X. Candreva
-- Forwarded message -- Date: Sun, 28 Dec 2003 19:07:34 -0500 (EST) From: Christopher X. Candreva <[EMAIL PROTECTED]> To: schafer <[EMAIL PROTECTED]> Subject: Re: [SAtalk] False positives On Thu, 25 Dec 2003, schafer wrote: > To Spamassassin: > > My publicati

Re: [SAtalk] The first spam to make it through since Friday...

2003-12-26 Thread Christopher X. Candreva
On Wed, 24 Dec 2003, Scott Lambert wrote: > We complained to them about spam to "@inch.com" this morning. They > responded saying they were 100% opt-in. We went looking through the > maillog. > > Dictionary spam. The nerve of some people. Looks like they were added to the Spamhaus SBL as of 14

Re: [SAtalk] Amuseing hidden text in spam

2003-12-22 Thread Christopher X. Candreva
On Mon, 22 Dec 2003, Evan Platt wrote: > It was covered - IIRC, the random text is an attempt to throw off the > Bayesian filters. Right -- I knew THAT part. It was just that they are using Bart Simpson lines now. == Chris Candreva -- [E

[SAtalk] Amuseing hidden text in spam

2003-12-22 Thread Christopher X. Candreva
Got a bunch of these over the weekend, mailing list archives didn't turn up any mention. What do these phrases look like to you ? The fifth amendment does not cover burping I will not prescribe medication I'm not reproducing them all --- but it looks like someone is seeding spam with a

[SAtalk] Random variable in Subject, not covered by any current rules

2003-12-19 Thread Christopher X. Candreva
A Spam got through SA last night, with two things I hadn't seen before - Yet another form of a %RANDOM variable that isn't replaced by a value: Subject: Re: %RND_UC_CHAR[2-8], he inadvertently turned And a bizarre X-Originating-IP header: X-Originating-IP: [53x.netIP] I whipped up a little

Re: [SAtalk] SA for IM?

2003-12-11 Thread Christopher X. Candreva
On Thu, 11 Dec 2003, Evan Platt wrote: > I haven't seen a IM spam in.. MONTHS. AOL, MSN, Yahoo OR ICQ. I hadn't gotten any in a while, but I got about 6 AOL IM spams yesterday. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestN

Re: [SAtalk] Generic V-whatever drug with no GV rule hits (fwd)

2003-12-08 Thread Christopher X. Candreva
On Mon, 8 Dec 2003, Matt Kettler wrote: > body LOCAL_GAPPY_VIAG /\bV\Wi\Wa\Wg\Wr\Wa\b/i > score LOCAL_OBFU_VIAG 1.0 Shouldn't the two descriptions match ? :-) This was my version: body OBFU_V /V\s+[i1l]\s+a\s+g\s+r\s+a/i describe OBFU_V Contains obfuscat

[SAtalk] Generic V-whatever drug with no GV rule hits (fwd)

2003-12-08 Thread Christopher X. Candreva
I just opened a Bugzilla report for this: http://bugzilla.spamassassin.org/show_bug.cgi?id=2817 (SA 2.60, Solaris, perl 5.6.1) Funny thing is, the first line of the body had the V word with spaces between each letter, yet it didn't hit any v-whatever rules. I would think simple spacing of t

Re: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Christopher X. Candreva
On Thu, 4 Dec 2003, Chris Petersen wrote: > > I'm too embarrassed to tell people I use pico... > > I was trying to avoid the editor-war, but I have to say that I'm right > there with you (though when I can, I use nano because it has a few more Just to be different, I use joe -- an editor that use

Re: [SAtalk] DCC incidence

2003-11-29 Thread Christopher X. Candreva
On Sat, 29 Nov 2003, Bryan Hoover wrote: > Can anyone please tell me generally how frequently their DCC is > hitting with SA? Well I just cleaned out my probably-spam folder a few minutes ago, but out of 23 in there now, 13 hit DCC_CHECK ==

RE: [SAtalk] *.easynet.nl DNSBL's ceasing on Dec 1, 2003

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Chris Santerre wrote: > My question is, What are the views of sorbs.net? Is it effective? FPs are my > worst nightmare. IF it blocks open proxies, (like Korea!) I'm screwed. Any > comments are welcome. I just realised with the holidays that I have to fix > this soon :) I just

RE: [SAtalk] Nigerian-type scores 0.00

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Mike Kuentz (2) wrote: > with will be seen as hammy. If you use the additional rules on Chris' > site at http://www.merchantsoverseas.com/wwwroot/gorilla/Nigerian.txt > that gets the score up to 4.6! FYI -- this file seems to have lots of words in parens - I think whoever wr

RE: [SAtalk] Nigerian-type scores 0.00

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Mike Kuentz (2) wrote: > One big problem you have is this > > X-Spam-Status: No, hits=0.0 required=5.0 tests=BAYES_50 autolearn=ham Oh yeah -- already re-learned as spam. > with will be seen as hammy. If you use the additional rules on Chris' > site at http://www.merchantso

Re: [SAtalk] Razor questions

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Ron Weales wrote: > I know Razor is running with SA, but how can I find out if Razor is using > their "distributed, collaborative, spam detection and filtering network"? > I should see something in the debugged log file about connections to > servers, correct? spamassassin -

Re: [SAtalk] Razor questions

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Ron Weales wrote: > However, I never saw anything about "read server list", "closest server > is" or "connecting to"... > So it appears that Razor isn't connecting to their servers. It just so happened --- I'm working right now on why it seems razor stopped working here. It

Re: [SAtalk] A faster and more scalable matching engine.

2003-11-25 Thread Christopher X. Candreva
On Tue, 25 Nov 2003, Scott A Crosby wrote: > How happy are people with the performance of SA, especially with all > of the new rules? The reason I ask is that I'm on-again, off-again I think a faster engine is a great idea, no matter what. Spam is growing -- even if our servers are big enough N

Re: [SAtalk] (no subject)

2003-11-25 Thread Christopher X. Candreva
On Thu, 20 Nov 2003, mairhtin o'feannag wrote: > I have one client who wants to receive any emails they get, irrespective > of SPAM (they suspect that there are legitimate emails being eliminated as > spam). What they want is that anything that is addressed to them > (yadayada.com) be sent throug

Re: [SAtalk] What level to delete at?

2003-11-25 Thread Christopher X. Candreva
On Mon, 24 Nov 2003, Matt Chapman wrote: > I have been deleting at a score of 5 via Mimedefang. I notice that > some spam is scoring at 3.5 and 4ish. Is it better to tag at say 3-4.9 > and delete if it is any higher? For my mail, I wouldn't auto-delete anything below 10

[SAtalk] Nigerian-type scores 0.00

2003-11-25 Thread Christopher X. Candreva
Wow -- here's a Nigerian type spam that scored 0.00 . I've just submitted it to DCC and learned in my bayes. Posted here if anyone wants to add to rulesets. -Chris == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Servi

Re: [SAtalk] New Spam Source? Rules for this yet??

2003-11-12 Thread Christopher X. Candreva
On Tue, 11 Nov 2003, Robert Leonard III wrote: > I have been getting several new spams that seem to get past my SA setup.. > > So far they have come from: > @name-james.com > @name-clark.com > @smegheads.com These guys are on both spamhaus and njabl . We're blocking via these lists at the sendma

RE: [SAtalk] How to filter this?

2003-10-19 Thread Christopher X. Candreva
On Sat, 18 Oct 2003, Dan Kohn wrote: > Of course, if you really just want to stop spam from ournames.com, then > add the line "blacklist_from [EMAIL PROTECTED]" to your user_prefs. Or if you run the mail system, block ournames.com at the MTA level. They seem to be quite relentless. I have them b

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Christopher X. Candreva
On Fri, 19 Sep 2003, Steven W. Orr wrote: > But I don't want to block with a procmail rule. I want to block it with an > SA rule. In fact, I don't even use procmail. I use spamass-milter. I want > all my spam to be rejected before it gets in. I realize this isn't what you asked for, but this is t

[SAtalk] New warning starting spamd with 2.60-rc5

2003-09-19 Thread Christopher X. Candreva
Under rc5, spamd gives this warning on start-up: Use of uninitialized value in scalar assignment at /usr/local/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/Util.pm line 202. However, it seems to be working fine. == Chris Candreva -- [EMAIL

Re: [SAtalk] Skipping RBL checks for authenticated connections

2003-09-15 Thread Christopher X. Candreva
On Sun, 13 Sep 2003, Daniel Quinlan wrote: > Please go ahead and submit a bug. Thanks for your input. Just submitted, Bug #2462 == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.

[SAtalk] Skipping RBL checks for authenticated connections

2003-09-13 Thread Christopher X. Candreva
Before I submit a bug report on this I wanted to check my understanding. If I get what's going on, RBL checks such as NJABL_DIALUP and DYNABLOCK are checked, and weigh in heavily when they are the last hop before local machines, so even if a dynamically listed IP is in the Received, it shouldn't t

Re: [SAtalk] Trying to install DB_File from CPAN

2003-09-12 Thread Christopher X. Candreva
On Fri, 12 Sep 2003, AWShirley wrote: > I'm trying to install DB_File from CPAN so I can use Bayes, but the > install fails. I get these error messages: > version.c:30:16: db.h: No such file or directory You need Berkeley DB -- http://www.sleepycat.com/download/index.shtml if you like to build f

Re: [SAtalk] Nigerian, er, Afghani scam

2003-09-11 Thread Christopher X. Candreva
On Thu, 11 Sep 2003, Steve Thomas wrote: > This may not be new, but it's the first one I've seen... It only scored > 2.513 on my company's mail server which runs a CVS version of 2.60 from a > couple months ago. The only tests it hit are NIGERIAN_BODY1 and > US_DOLLARS. We're not using bayes here

Re: [SAtalk] RCVD_IN_OSIRUSOFT_COM still in SpamAssassin version 2.60-rc3??

2003-09-11 Thread Christopher X. Candreva
On Thu, 11 Sep 2003, Ken Gordon wrote: > I just noticed the following in a spamassassin report. I thought 2.60 > (which I think I am running) didn't use this test. Am I wrong? Should I > be zeroing it in local.cf? grep -i OSIRU * in /usr/local/share/spamassassin returns no matches on my system, a

Re: [SAtalk] Re: SpamAssassin 2.60 rc3 released

2003-08-29 Thread Christopher X. Candreva
On Fri, 29 Aug 2003, Malte S. Stretz wrote: > to make it work like before (or make a symlink from /usr/local/etc to /etc). > See also bug 2374 [1]. > [1]http://bugzilla.spamassassin.org/show_bug.cgi?id=2374 Ah. Reading through the suggestions on Bugzilla - having everything in /usr/local/etc may

Re: [SAtalk] SpamAssassin 2.60 rc3 released

2003-08-29 Thread Christopher X. Candreva
On Fri, 29 Aug 2003, Theo Van Dinter wrote: > it's in by default: > > spamc: > -U socketpath > Connect to "spamd" via UNIX domain socket socketpath instead of a TCP/IP connection. That means any of my users who put spamc in their .procmailrc file has to know 1) to use a socketpath, and 2) what th

Re: [SAtalk] SpamAssassin 2.60 rc3 released

2003-08-29 Thread Christopher X. Candreva
On Thu, 28 Aug 2003, Justin Mason wrote: > - spamd now supports UNIX-domain sockets for low-overhead scanning, thanks > to Steve Friedl for this. Strongly recommended if you're running spamc > on the same host as the spamd server Is there a build switch to tell spamc to use a Unix domain s

Re: [SAtalk] Spammer fights back!

2003-08-27 Thread Christopher X. Candreva
On Wed, 27 Aug 2003, Morten Kjeldgaard wrote: > eutectic scarf tailing identifiable corresponded Whenever I've seen this, it's looked like: eutectic scarf tailing identifiable corresponded ie -- opening a font over and over. I wrote a simple procmail rule to catch that: :0 B * <1 * ^^$?$?

[SAtalk] SA 2.60rc2 creating user_prefs as mode 666

2003-08-27 Thread Christopher X. Candreva
After running it for a few days, I just noticed my 2.60 rc2 install of spamd is creating new user's user_prefs file as mode 666. It does create the .spamassasin directory mode 700 though. Has anyone else seen this ? If not I'll delve deeper into what might be wrong here. This is on Solaris 8,

Re: [SAtalk] What is the point of this spam?

2003-08-20 Thread Christopher X. Candreva
On Wed, 20 Aug 2003, Jim wrote: > I've been getting these once in a while, they just seem to have random > words in them.. no sales pitch that I can see. And they are always > different sets of words. Either you are using a text mail client, or have images turned off. not a band thing ! The add

[SAtalk] A hack to log and delete spam

2003-08-14 Thread Christopher X. Candreva
I whipped out a little hack tonight, as a possible solution for my users who just want spam to disappear, to act as a safety net. It's a small client C program, intended to receive marked spam on STDIN. It parses out a Date, From, and Subject line, and sends them as a UDP packet to a perl server pr