Hrmm, even better would be the following header check, which should be
faster to process and harder to fake:
header PGP_MIME_SIGNATURE Content-Type =~ /multipart\/signed;
micalg.*application\/pgp-signature"/s
describe PGP_MIME_SIGNATURE Contains PGP-signed MIME attatchement
Due to every m
* Duncan Findlay <[EMAIL PROTECTED]> [2002-03-04T20:19-0800]:
> This is signed - mutt style. (I'm not really sure how this turns out in
> other MUA's. I think it's a multpart mime message.
multipart/signed, and apparently not matched by the rawbody
PGP_SIGNATURE rule in SA 2.11. Maybe an additio
On Tue, Mar 05, 2002 at 10:43:38AM +0700, Olivier Nicole wrote:
> > > It would need to check that the strings between BEGIN and END is in a
> > > proper format that belongs tp PGP, even if PGP cannot finish
> > > validating the signed text.
> >
> > And what is that format?
>
>
> Well I have no
> > It would need to check that the strings between BEGIN and END is in a
> > proper format that belongs tp PGP, even if PGP cannot finish
> > validating the signed text.
>
> And what is that format?
Well I have no idea, I beleive that could be solved by a call to PGP,
where PGP would abort say
On Tue, Mar 05, 2002 at 09:55:25AM +0700, Olivier Nicole wrote:
> > > OK then only check that the thingy bellow BEGIN PGP SIGNATURE---
> > > is a valid signature. That should be quick.
> > I think validate = verify.
>
> It does not need to be the same.
>
> For example it does not need to hav
> > OK then only check that the thingy bellow BEGIN PGP SIGNATURE---
> > is a valid signature. That should be quick.
> I think validate = verify.
It does not need to be the same.
For example it does not need to have the public key of the one
signing, nor it needs to calculate the hash for th
On Tue, Mar 05, 2002 at 09:20:22AM +0700, Olivier Nicole wrote:
> >Please don't verify the signature. Some things are best left to the MUA.
> >Verifying takes a LONG time, in some cases. My MUA also verifies. Does it
> >make sense for both to do so?
>
> OK then only check that the thingy bellow -
>Please don't verify the signature. Some things are best left to the MUA.
>Verifying takes a LONG time, in some cases. My MUA also verifies. Does it
>make sense for both to do so?
OK then only check that the thingy bellow BEGIN PGP SIGNATURE---
is a valid signature. That should be quick.
Oli
On Mon, Mar 04, 2002 at 09:01:45PM -0500, Duncan Findlay wrote:
| On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote:
| > Me thinks it would even be a good thing is SA could verify the signature :)
| >
| > But where to get the key from?
| >
|
| Please don't verify the signature. Som
I agree. Verifying is probably overkill, and definitely slow, and the
MUA's job. Actually, probably not the MUA's job, but the MUA should
call something to do the job.
C
On Mon, 2002-03-04 at 18:01, Duncan Findlay wrote:
> On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote:
> > Me
On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote:
> Me thinks it would even be a good thing is SA could verify the signature :)
>
> But where to get the key from?
>
Please don't verify the signature. Some things are best left to the MUA.
Verifying takes a LONG time, in some cases
Me thinks it would even be a good thing is SA could verify the signature :)
But where to get the key from?
Olivier
> | Playing devil's advocate, all the spammers have to do is add the text:
> |
> | -BEGIN PGP SIGNATURE-
> |
> |
> | They don't actually have to sign anything. Put it at t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Monday, 4. March 2002 04:01 schrieb Duncan Findlay:
> > Interesting negative scores:
> > score INCREASE_SALES -1.273
> > score CASHCASHCASH -0.839
> > score OPPORTUNITY-0.651
(...)
> And even if
On Mon, Mar 04, 2002 at 10:00:20AM -0800, Craig Hughes wrote:
> way to go pointing out tips for the spammers :)
I try not to underestimate my enemies -- I think the spammers would have
figured this one out on their own. ;)
--
Randomly Generated Tagline:
"Smoking kills. If you're killed, you've
Thanks Theo,
way to go pointing out tips for the spammers :)
C
On Mon, 2002-03-04 at 07:22, Theo Van Dinter wrote:
> On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote:
> > folks. I don't think that Spammers are going to go through all the
> > trouble of obtaining a PGP key and s
On Mon, Mar 04, 2002 at 10:22:05AM -0500, Theo Van Dinter wrote:
| On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote:
| > folks. I don't think that Spammers are going to go through all the
| > trouble of obtaining a PGP key and signing their messages just to
| > slip one past SpamA
On Sun, 2002-03-03 at 21:16, Michael Moncur wrote:
> NEGATIVE SCORES that weren't indended to be:
> (probably by now most of these are just bad rules and should be set to zero)
Setting these to 0 without introducing new nonspam-identifying rules to
replace them will greatly (very greatly) increas
Not necessarily in more nonspam than spam, but in a significant amount
of nonspam. Raising the scores on these (and I tried with each) will
severely increase the rate of false positives.
C
On Sun, 2002-03-03 at 18:22, Matthew Cline wrote:
> On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote
On Mon, Mar 04, 2002 at 09:11:23AM -0600, Seth H. Bokelman wrote:
> folks. I don't think that Spammers are going to go through all the
> trouble of obtaining a PGP key and signing their messages just to
> slip one past SpamAssassin.
Playing devil's advocate, all the spammers have to do is add th
MAIL PROTECTED]] On Behalf Of
Michael Moncur
Sent: Sunday, March 03, 2002 11:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] 2.11 released
> I just pushed out the new scores (and a bugfix or two) as 2.11
The new scores look MUCH better. By the way, using my corrected
scores with 2.1 for the la
> I just pushed out the new scores (and a bugfix or two) as 2.11
The new scores look MUCH better. By the way, using my corrected scores with 2.1
for the last few days, I've had excellent results. Not a single false positive
and only a couple missed spams. I think the new scores will be even bette
On Sun, Mar 03, 2002 at 06:22:03PM -0800, Matthew Cline wrote:
> On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote:
> > I just pushed out the new scores (and a bugfix or two) as 2.11
> >
> > The new scores are done by constraining the GA more, using Michael Moncur's
> > submitted scores as a
On Sunday 03 March 2002 05:58 pm, Craig R Hughes wrote:
> I just pushed out the new scores (and a bugfix or two) as 2.11
>
> The new scores are done by constraining the GA more, using Michael Moncur's
> submitted scores as a starting point, and then hand-tweaking the output
> where basically any -
I just pushed out the new scores (and a bugfix or two) as 2.11
The new scores are done by constraining the GA more, using Michael Moncur's
submitted scores as a starting point, and then hand-tweaking the output where
basically any -ve scores that came out but which only existed in the corpus as
24 matches
Mail list logo