- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
> As a second commentary, why are the scores you assigned linearly
increasing
> with % HTML? Is there a reason, or just something you whipped up quickly?
Let's say I whipped it up quickly, yes. But in essence there is no false
- Original Message -
From: "Kai Poppe" <[EMAIL PROTECTED]>
> Let's say I whipped it up quickly, yes. But in essence there is no false
> positive due to that score going up linearily. If i had the slightest
chance
> of transforming the S/O curve into a hundred steps and use it for the
scor
On Sat, 13 Dec 2003, Gary Funck wrote:
> Alternatively, offer a max count and pattern. The actual count would be
> expressed as a percentage of the maximum, and this would be multiplied
> by the score..
Actually, this is what I said we did *not* want when I said a 'straight
multiplier' would
Yes yesterday I enabled Net::DNS as well as adding DCC check and now
I'm pleased to say that spammer is no longer a concern.
I have a question a perl question and I'm not sure where in the various
Perl docs you are suppose to look for this but I want to know exactly
what this means.
package Ma
The spammers are getting smarter about Bayes... this one sneaked through
SA 2.6, a well trained Bayes database, and the BigEvil rules with a
score of 1.0 out of 5. What to do? I'm sure that the sleazebags that
come up with these will send many of them now that they've figured out
it works. It's
At 12:47 PM 12/14/2003, Rubin Bennett wrote:
The spammers are getting smarter about Bayes... this one sneaked through
SA 2.6, a well trained Bayes database, and the BigEvil rules with a
score of 1.0 out of 5. What to do?
That's funny.. it hit BAYES_99 on mine...
Admittedly I had to do a kinda hal
Hi Rubin
Clever yes, but not clever enough. Check out these sets, the backhair
set gives this spam 9 more points.
http://www.emtinc.net/spamhammers.htm
look in the source of the email, if you haven't, to see what they will
hit on. You're right too, they use this technique a lot... but that
When you see encoded urls like that you have to suspect that this is an
ebay phish right?
Does anybody know what the url is?
Received: (qmail 7380 invoked from network); 14 Dec 2003 00:45:49 -
Received: from 12-229-8-208.client.attbi.com (HELO earthling.net)
(12.229.8.208)
by grub.camro
At 01:24 PM 12/14/2003, Robert Nicholson wrote:
When you see encoded urls like that you have to suspect that this is an
ebay phish right?
Does anybody know what the url is?
Um.. encoded URL? sorry, but your copy-paste didn't bring over the
"encoded" part of the URL.
But, based only on the fact th
At Sun Dec 14 18:40:27 2003, Matt Kettler wrote:
>
> At 01:24 PM 12/14/2003, Robert Nicholson wrote:
> >When you see encoded urls like that you have to suspect that this is an
> >ebay phish right?
> >
> >Does anybody know what the url is?
>
> Um.. encoded URL? sorry, but your copy-paste didn't br
On 14 Dec 2003, Rubin Bennett wrote:
> The spammers are getting smarter about Bayes... this one sneaked through
> SA 2.6, a well trained Bayes database, and the BigEvil rules with a
> score of 1.0 out of 5.
The body of the spam in question was more than 80% Bayes-
poison. It's not surprisi
The Backhair rules nailed it (10 points). I (duh) didn't even look
carefully at the HTML so I missed the really ugly tags in there.
Thanks!
Rubin
On Sun, 2003-12-14 at 12:47, Rubin Bennett wrote:
> The spammers are getting smarter about Bayes... this one sneaked through
> SA 2.6, a well trained
Look at the body of the message and you should see a bunch of %'s in
the url.
You don't see them?
Does your MUA allow you to look at the raw text of the message?
On Dec 14, 2003, at 12:40 PM, Matt Kettler wrote:
At 01:24 PM 12/14/2003, Robert Nicholson wrote:
When you see encoded urls like tha
To tell the truth, this is the first spam that I actually recieved in my
Inbox in 3 days... between Bayes and BigEvil, I average only 1 out of
the 150+ spams I've been receiving per day that SA doesn't catch.
However, now I'm spoiled and I never want to see another spam message
(!), so I grumble w
At 02:40 PM 12/14/2003, Robert Nicholson wrote:
Look at the body of the message and you should see a bunch of %'s in the url.
You don't see them?
Does your MUA allow you to look at the raw text of the message?
Well, your post itself is declared to be text/plain.. When my MUA saw a
html declarati
On Sunday 14 December 2003 19:24, Robert Nicholson wrote:
> When you see encoded urls like that you have to suspect that this is an
> ebay phish right?
>
> Does anybody know what the url is?
[...cut 'n paste into a URL to a friendly webserver...]
The requested URL
/[EMAIL PROTECTED]:80/e.html
w
On 14 Dec 2003 12:47:58 -0500, Rubin Bennett <[EMAIL PROTECTED]> writes:
> And, has anyone given any thought to working the SA engine up in C or
> something faster than Perl? I've seen many issues with system resources
> and SA, and the answer keeps coming back as one of two responses:
It is not
On Sun, 14 Dec 2003 14:23:21 -0500 (EST), "Carl R. Friend" <[EMAIL PROTECTED]> writes:
>I've got a prototype eval() that looks at the incidence of
> what I tentatively call "smallwords" (the "glue" words like "is",
> "a", "the", "and", &c.) that hold the English language together
> and flags a
18 matches
Mail list logo
