Still got massive leaks here. Came in this morning and SA had used 510M of
ram. Might not get time to fix it today.
Matt.
--
<:->Get a smart net
> -Original Message-
>From: Craig Hughes [mailto:[EMAIL PROTECTED]]
>Sent: 15 January 2002 19:08
>To:Spamassassin-Talk
>Subject:
to the list in plain text? It really screws
up outlook when you post in HTML, and the "convert to text" option just
looks ugly)
Matt.
--
<:->Get a smart net
> -Original Message-
>From: Craig Hughes [mailto:[EMAIL PROTECTED]]
>Sent: 16 January 2002 19:16
>To
> -Original Message-
> From: brad [mailto:[EMAIL PROTECTED]]
>
> Running SA 1.5 / SPAMD -u nobody -d on a machine that accepts
> 88k mails
> per day.
>
>
> Today was the big test, and there was a huge failure. The
> issue is that I
> get so many procmail processes opening that the CP
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> I'm not a sendmail expert, but IMO the problem is the number of
> concurrent deliveries sendmail is allowing.
>
> Basically a spam-check may take up to 10 seconds per mail, so
> sendmail should run only a certa
> -Original Message-
> From: Matt Sergeant [mailto:[EMAIL PROTECTED]]
>
> We don't run spamd here. It's a custom system (actually built
> using POE). At
> the moment I don't *think* it's leaking - it was Net::FTP
> that was leaking
> li
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> Matt Sergeant said:
>
> > > Basically a spam-check may take up to 10 seconds per mail, so
> > > sendmail should run only a certain number of concurrent deliveries
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> mike castleman said:
>
> > 1) Any tips for reducing this number? Most of the messages are not
> >especially private, so I can forward them or put them on the web
> >somewhere if people want. I don't wan
(*please* stop posting in HTML craig - it's a real PITA, especially because
Outlooks "switch" to plain text doesn't do nice reply-quoting)
Can you tell us how the auto-whitelist algorithm works? Surely it should be
an average system, so that 3 spams over time don't have much effect on the
overall
> -Original Message-
> From: Olivier M. [mailto:[EMAIL PROTECTED]]
>
> Hi, FYI, install Mail::Spamassassin (via cpan) never worked
> on the systems
> I'm using (Suse linux-7.3 based): it always finish this way:
>
> t/forged_rcvd...ok
>
> -Original Message-
> From: Scott Pilz [mailto:[EMAIL PROTECTED]]
>
> We run Spam Assassin with the Razor option - and it does a good
> job (from what I can tell). With new spam "tactics" being
> found daily, I
> fear that spammers may catch on to the "point system" that
> spam a
> -Original Message-
> From: Tom Lipkis [mailto:[EMAIL PROTECTED]]
>
> Conference announcements often contain the phrase "the
> following format"
> when requesting submissions, which matches the
> THE_FOLLOWING_FORM rule,
> which has a quite high score. Adding \W to the end of the
> p
- Original Message -
From: "Justin Mason" <[EMAIL PROTECTED]>
>
> Matt Sergeant said:
>
> > Can you tell us how the auto-whitelist algorithm works? Surely it should
be
> > an average system, so that 3 spams over time don't have much effect on
the
- Original Message -
From: "Charlie Watts" <[EMAIL PROTECTED]>
> Anybody get any false positives on "X-Mailer: UnityMail" ?
>
> I got a bunch of these over the weekend.
>
> Looks safe to add to RATWARE to me ...
Not sure what you mean about RATWARE, but yes, I'm getting lots of "Looks
l
- Original Message -
From: "Charlie Watts" <[EMAIL PROTECTED]>
> On Wed, 23 Jan 2002, Daniel Rogers wrote:
>
> > I think that 4.33 might be a little aggressive for HTML-only mail.
> > Especially with a default threshhold of 5.
>
> > Finally, I see why this matches the 'Forged eudoramail.c
- Original Message -
From: "Mike Coughlan" <[EMAIL PROTECTED]>
> I'm got that error on make test:
>
> Failed Test Status Wstat Total Fail Failed List of failed
> --
--
> ---
> t/strip2.t 123
- Original Message -
From: "Thomas Hurst" <[EMAIL PROTECTED]>
> * Ged Haywood ([EMAIL PROTECTED]) wrote:
>
> > I'd suggest a two digit minor version number, for example 2.01.2023
> > rather than 2.1.2023, because then we don't have the stupidity of
> > version 2.2.2023 being older than 2.1
> -Original Message-
> From: Greg Ward [mailto:[EMAIL PROTECTED]]
>
> On 24 January 2002, Matt Sergeant said:
> > No, this is Perl. Version numbers are floating point
> numbers. (yes I know
> > it's a crap situation, but that's just how it works).
&
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> On Jan 24, Shane Williams wrote:
>
> > So, with all the traffic over the last 48 hours, I'm feeling a bit
> > confused. It seems clear that the official 2.0 release had a few
> > bugs. Are fixes to those bugs
- Original Message -
From: "Bob Proulx" <[EMAIL PROTECTED]>
> > No, this is Perl. Version numbers are floating point numbers. (yes I
know
> > it's a crap situation, but that's just how it works).
>
> Then how do you explain 5.005_03?
Underscore is a no-op in numbers in Perl. Try it:
From: "Bob Proulx" <[EMAIL PROTECTED]>
> > | > I'd suggest a two digit minor version number, for example 2.01.2023
> > | > rather than 2.1.2023, because then we don't have the stupidity of
> > | > version 2.2.2023 being older than 2.14.4096 (like Apache does it:).
> > |
> > | Um, 2.2.* is older
> | > Gosh, 2.2 _is_ significantly older than 2.14. Who would have guessed?
> |
> | Fine, until you throw that at CPAN.pm, which checks $SomeModule::VERSION
<
> | $RemoteCPANSomeModule::VERSION before trying to install something.
> |
> | Think very carefully about breaking CPAN installation befor
From: "dman" <[EMAIL PROTECTED]>
> On Mon, Jan 28, 2002 at 02:24:17PM -, Matt Sergeant wrote:
> | I've been saying all along - in perl $VERSION is a
> | number. So it does numeric comparison, just like I described.
>
> Sorry, I have trouble rememberi
- Original Message -
From: "Bob Proulx" <[EMAIL PROTECTED]>
> > You seem to believe that RPMs and other package tools require versions
of
> > the form x.y.z. Although I know nothing about RPMs, I know Debian finds
> > 2.01 as a perfectly acceptable version number.
>
> Yes a perfectly ac
- Original Message -
From: "J. Davis" <[EMAIL PROTECTED]>
> As a point-of-interest related to this, how does one remove an
> address from the auto whitelist database (DBM)? And exactly how were
> you "poking around"? I have a small perl script which lists the
> addresses, suppose I could
From: "Donald Greer" <[EMAIL PROTECTED]>
> Matt Sergeant said:
> >Finally, if you do:
> >
> >$VERSION = '2.1_0';
> >
> >Then CPAN treats it as a beta, and won't install it - it'll do that
> with >any
>
From: "dman" <[EMAIL PROTECTED]>
> On Tue, Jan 29, 2002 at 02:58:56PM -0500, Mike Coughlan wrote:
>
> | > Has anybody created a rule for the MyParty virus? It is trapped by
our
> | > virus scanner, but it would be nice to have a rule in SA to catch it.
>
> | Maybe this is an old philpsophical d
From: "Justin Mason" <[EMAIL PROTECTED]>
> NoMailAudit is essentially a 100% compatible reimplementation of M:A which
> (a) does not require M:A or any of the other modules it requires, and (b)
> fixes some bugs that M:A has (cf. the (unusable ;) list archives for more
> details); specifically,
From: "Duncan Findlay" <[EMAIL PROTECTED]>
> On Tue, Jan 29, 2002 at 09:23:56PM -0500, dman wrote:
> > | Yes. I am. I think it would take an hour after I start my computer
is I
> > | used spamassassin -p, rather than 20 minutes :-)
> >
> > Wow. I wonder what the cause is ... probably CPU due
I'm actually inclined to add a check_url(regexp) function that properly
extracts all URL's using the same rules as Outlook uses (which is the target
client for spammers), and then checks it for matching the regexp. I'll look
into that next week if I remember to do it.
Matt.
--
<:->Get a smart ne
I'm seeing a lot of debt stuff too...
How about:
body PAY_OFF_DEBT /pay off (your )?debt/i
describe PAY_OFF_DEBT A "pay off your debt" spam
Matt.
--
<:->Get a smart net
> -Original Message-
> From: CertaintyTech - Ed Henderson [mailto:[EMAIL PROTECTED]]
> Sent: 31 January 2002 16:12
>
The problem with that is a privacy/legal issue. It's illegal [1] to store
and look at personal emails, unless you're an ISP, and then it's illegal to
store longer than something like 2 days for technical examination.
Matt.
--
<:->Get a smart net
[1] In the UK at least.
> -Original Message-
I already added that to our ruleset here. One of the biggest things I'm
working on is balancing out the GA by adding rules that subtract from the
spam score. I think that'll help the GA big time. But I'm way behind at the
moment - processing 30,000 emails a day to check if they're spam or not is a
Perhaps the RE just needs /s added on the end. Not entirely sure though
without further testing.
Matt.
--
<:->Get a smart net
> -Original Message-
> From: Jeremy Zawodny [mailto:[EMAIL PROTECTED]]
> Sent: 04 February 2002 08:02
> To: Craig Hughes
> Cc: Daniel Pittman; [EMAIL PROTECTED]
> -Original Message-
> From: Craig Hughes [mailto:[EMAIL PROTECTED]]
>
> On Mon, 2002-02-04 at 00:07, Jeremy Zawodny wrote:
> > The docs are right that this is probably a security flaw.
>
> What's the flaw? As long as we're not doing "use re
> 'eval'" in the
> code, of
On Mon, 4 Feb 2002, Edward Fang wrote:
> In the file perl5/Mail/SpamAssassin/NoMailAudit.pm (whereever you
> installed this), you will find these lines (starting at around 118 in my
> file):
>
> } elsif (/^([^\x00-\x1f\x7f-\xff :]+): (.*)$/) {
> $hdr = $1; $val = $2;
> $val =~ s/\
On Tue, 5 Feb 2002, Michael Moncur wrote:
> The following is a message I subscribed to from a server monitoring service -
> it's getting marked as spam due to the spam-phrases test. Its phrase score is
> over 800 and it scored 4.6 points, all because the words "this message" appear
> in this shor
I'm seeing a few (not many) false positives with empty To: headers, mostly
it's RFP's and things like that where everything goes in the BCC. I'm
wondering if the To: checks aren't a bit over zealous, for example I get:
To: is empty
To: has a malformed address
Missing To: header
All matching for
On Wed, 6 Feb 2002, Daniel Rogers wrote:
> Here's a couple rules I wrote to help catch stuff that was making it
> through. The scores are my own made-up numbers
>
> body INCREASE_EJACULATION /increase ejaculation/i
> describe INCREASE_EJACULATION Why would I want to do that?
That sh
On Tue, 19 Feb 2002, Charlie Watts wrote:
> And I'm actually playing with Razor again. It isn't nearly as broken as it
> was for a while. But I've got some spare CPU cycles to throw at Razor
> right now. Razor probably wouldn't be worth re-implementing in a C
> re-write, but the Rhyolite.com DCC
On 20 Feb 2002, Nigel Metheringham wrote:
> The biggest problem with razor at present is the lack of vetting of
> input, and some form of input validation is essential if razor is to be
> more than a curiosity - for example at present it appears all BUGTRAQ
> postings are being entered into the r
On Wed, 20 Feb 2002, Charlie Watts wrote:
> On Wed, 20 Feb 2002, Matt Sergeant wrote:
>
> > On Tue, 19 Feb 2002, Charlie Watts wrote:
> >
> > > And I'm actually playing with Razor again. It isn't nearly as broken as it
> > > was for a while. But I&
On Wed, 20 Feb 2002, Colm MacCárthaigh wrote:
> On Wed, Feb 20, 2002 at 01:06:06PM +0000, Matt Sergeant wrote:
> > On 20 Feb 2002, Nigel Metheringham wrote:
> >
> > > The biggest problem with razor at present is the lack of vetting of
> > > input, and some form
On 19 Feb 2002, Craig Hughes wrote:
> This system has a number of advantages over the simple counting method
> of the old AWL implementation:
>
> 1. Spammers before could just send you 3 "clean" messages and thereby
> get themselves permanently obtaining a -100 bonus. Now they would have
> to ke
On 21 Feb 2002, Craig Hughes wrote:
> > could someone please explain what does [^<] matches ?
> > afaik ^ means beginning-of-line but it's strange in [] character array.
> > so, what does ^ mean there? begin-of-line or '^' character?
> > i think it's beg-of-line, as PCRE couldn't optimize this re
On Fri, 22 Feb 2002, CertaintyTech - Ed Henderson wrote:
> I am wanting to define SA scores based on filter sensitivity terms like
> High, Medium, and Low where High would be the most agressive blocking of
> Spam to Low which is the most lenient. This would be easier for my
> customers to unders
On Mon, 4 Mar 2002, Shane Williams wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> On Sun, 3 Mar 2002, Craig R Hughes wrote:
>
> > I just pushed out the new scores (and a bugfix or two) as 2.11
>
> I know we beat the version numbering horse nearly to death a while
> back, but shouldn't this eithe
On Mon, 4 Mar 2002, Greg Ward wrote:
> On 01 March 2002, Nels Lindquist said:
> > One caveat.
> >
> > E-mail of the form [ "Your Name" <[EMAIL PROTECTED]> ] is legal.
> >
> > E-mail of the form [ [EMAIL PROTECTED] (Your Name) ] is also legal.
> >
> > Not knowing much about regexp, I'm not sure if
On Mon, 4 Mar 2002, Greg Ward wrote:
> On 04 March 2002, Matt Sergeant said:
> > "Dear matt"
>
> But your local part is "msergeant", I just checked! How much real mail
> do you get that says "Dear msergeant"?
That's work email (wh
On Mon, 4 Mar 2002, Scott Doty wrote:
> On Mon, Mar 04, 2002 at 02:29:14PM -0500, Rose, Bobby wrote:
> > I've perused the razor list archives and my take is that they will
> > release the server daemon once they deal with the trust issues. They
> > don't want to have spammers setup a server and
On Tue, 5 Mar 2002, Yevgeniy Miretskiy wrote:
> Hello everybody,
>
> I'm new to the list so please excuse me if this topic was beaten to death...
>
> I'm very impressed with spam assassin acuracy in spam detection, however
> it is not as fast as I wish it was (which is very much understandable gi
On Tue, 5 Mar 2002, Daniel Rogers wrote:
> On Tue, Mar 05, 2002 at 01:28:20AM -0800, Matthew Cline wrote:
> > There's some body tests that would also work for the subject, like the
> > CASHCASHCASH test, and I've seen some spam were the tests didn't match the
> > body but would have matched the s
On Wed, 6 Mar 2002, Kelsey Cummings wrote:
> On Tue, Mar 05, 2002 at 09:14:18AM +0000, Matt Sergeant wrote:
> > I'm not sure how Vipul is going to do this (I don't follow the Razor list
> > since Razor is so unreliable that we don't use it). I spent a week
> >
On Tue, 5 Mar 2002, Richard Sonnen wrote:
> I've got an idea for making the SpamAssassin configuration process
> more flexible, and I'd love to hear your suggestions and comments
> before I jump in and make a mess of the code ;-)
>
> I'm in the process of deploying SpamAssassin on a distributed m
On Wed, 6 Mar 2002, Matthew Cline wrote:
> On Wednesday 06 March 2002 01:40 am, Matt Sergeant wrote:
>
> > What I suggest is that the body stripping code adds the subject header in.
>
> If you did that, then the LINE_OF_YELLING rule will get invoked whenever the
> SUBJ_AL
On Tue, 5 Mar 2002, Daniel Rogers wrote:
> It seems that part of the reason that the HUNZA_DIET_BREAD doesn't seem to
> be doing anything is that they've changed their message around so the rule
> doesn't match any more.
>
> Here's part of the message that was received a couple weeks ago:
>
> ---
On Tue, 5 Mar 2002, Richard Sonnen wrote:
> An off-list discussion of the SA config process brought up an
> unrelated good idea that I'm passing along:
>
> It might be useful to set up spamc and spamd so that you could
> specify alternate config files more easily. i.e.
>
> spamc --cf /path/to/sy
On Wed, 6 Mar 2002, Matthew Cline wrote:
> On Wednesday 06 March 2002 01:40 am, Matt Sergeant wrote:
>
> > What I suggest is that the body stripping code adds the subject header in.
>
> If you did that, then the LINE_OF_YELLING rule will get invoked whenever the
> SUBJ_ALL
On 5 Mar 2002, Craig Hughes wrote:
> On Tue, 2002-03-05 at 09:35, Matt Sergeant wrote:
> > On Tue, 5 Mar 2002, Yevgeniy Miretskiy wrote:
> >
> > > The question is: why do I need to run all tests if I'm running spamassassin with
>-L flag?
>
> > > Ag
On Wed, 6 Mar 2002, Daniel Pittman wrote:
> On Wed, 6 Mar 2002, Matt Sergeant wrote:
> > On 5 Mar 2002, Craig Hughes wrote:
>
> [...]
>
> >> Matt, take a look at bugzilla #62 -- there is more discussion of
> >> exactly this there. If you re-order the rules, t
On Wed, 6 Mar 2002, Richard Sonnen wrote:
> >
> >It's not exactly perfect, because it means we have to adjust spamd and
> >spamassassin scripts to optionally use a different Conf class, but that's
> >a trivial patch also. Want me to apply this and fix up spamd/spamassassin
> >too?
>
> This may w
On Wed, 6 Mar 2002, Casey Woods wrote:
> Check out this one. A few well placed .'s and tt only scored a 2.6 on
> my system:
Yep, I'm seeing this stuff too (though not in huge numbers yet). I'm going
to examine the body rules in a bit more detail, and if it makes sense, to
basically remove all p
On Wed, 6 Mar 2002, Joey Hess wrote:
> Craig R Hughes wrote:
> > Matt Sergeant wrote:
> >
> > > Changed to /HUNZA.{1,80}BREAD/i, Thanks.
> >
> > What the heck, I changed it to /HUNZA/i
>
> I'm sure that will make some of the 20 thousand hits google
On 6 Mar 2002, Nick Bellomy wrote:
> I was wondering if you could enlighten us on your hardware/software
> setup. I understand that some of the particulars could be under wraps
> based on restrictions from your employerer. I'm very curious as to what
> it takes to handle virus checking and spam
On Wed, 6 Mar 2002, Geoff Gibbs wrote:
> I seem to be geting more false positives with 2.11 than 2.01.
> The latest was triggered by someone sending the output from
> a gene comparison program. The body contains gene sequences
> which get reported as whole lines of shouting
There's not really a
On Wed, 6 Mar 2002, Ricardo Kleemann wrote:
>
> This particular message got flagged as spam by SA... and it's coming from
> the list.
>
> Is that expected behavior? (I'm NOT running the latest 2.11)
Yes, absolutely. One of the benefits is detecting spam even through
mailing lists.
--
Matt.
<:-
On Wed, 6 Mar 2002, Matthew Cline wrote:
> And here is the whole patch, all over again, with the anti-infinite-loop fix:
Slightly modified and applied, thanks!
> Index: PerMsgStatus.pm
> ===
> RCS file:
> /cvsroot/spamassassin/spam
On Wed, 6 Mar 2002, Bob Plankers wrote:
> Two things:
>
> 1) You didn't implement the whitelist/blacklist outright accept/reject
> concept yet. Bug #62 mentions that in some of Craig's notes, so if that's
> still of interest then someone should create a new "bug" for it.
Yeah, I'd prefer that as
On Wed, 6 Mar 2002, Matthew Cline wrote:
> On Wednesday 06 March 2002 05:28 pm, Matthew Cline wrote:
>
> > I found that this line of my patch to fix the "MIME null block" problem was
> > causing an infinite loop sometimes:
> >
> > my $boundary = "--$1";
>
> Ugh, that wasn't the only problem.
On Thu, 7 Mar 2002, Bart Schaefer wrote:
> On Thu, 7 Mar 2002, Matt Sergeant wrote:
>
> > On Wed, 6 Mar 2002, Casey Woods wrote:
> >
> > > Check out this one. A few well placed .'s and tt only scored a 2.6 on
> > > my system:
> >
> > Yep,
On Thu, 7 Mar 2002, Justin Mason wrote:
> Argh, some luser is feeding SA reports into spamcop, causing the "why this
> mail was tagged" url to be noted as a spamvertised URL. :(
>
> Not sure how to fix this, apart from suggesting that ISPs installing SA be
> sure to notify their users that this
On Thu, 7 Mar 2002, Matt Sergeant wrote:
> On Wed, 6 Mar 2002, Bob Plankers wrote:
>
> > Two things:
> >
> > 1) You didn't implement the whitelist/blacklist outright accept/reject
> > concept yet. Bug #62 mentions that in some of Craig's notes, so if t
On Thu, 7 Mar 2002, Shane Williams wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> I recall that before the 2.0 release there were some problems with
> messages getting mangled so that the following error appeared when
> viewing in pine:
>
> [Error: Formatting error: Non-hexadecimal character in
On Thu, 7 Mar 2002, Bob Plankers wrote:
> I still think an instant accept would be beneficial, if it is implemented
> as a lower threshold or as an outright accept. Certainly there is
> some speed to be gained by skipping the processing altogether, but
> inititally the lower threshold would be ea
On Thu, 7 Mar 2002, Geoff Gibbs wrote:
> > I think that this is
> > more closely related to the false positive, I spotted, from a base-64
> > attachment which also triggered the whole line of shouting.
>
> Thinking about this a bit more, shouldn't the whole line of shouting test
> test for some s
On Thu, 7 Mar 2002, Geoff Gibbs wrote:
> > Meanwhile, try the following diff:
> >
> > Index: lib/Mail/SpamAssassin/EvalTests.pm
> > ===
> > RCS file:
> > /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/EvalTests.pm,v
> > ret
On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
> > First a few rules to match non-spam:
> >
> > body SIGNATURE_DELIM/^-- $/
> > describe SIGNATURE_DELIMStandard signature delimiter present
> >
> > While there would be no effort in faking this, it
On Fri, 8 Mar 2002, Daniel Pittman wrote:
> > Low-hanging fruit, though it's out of date these days, catch
> > the snowhite virus since it's there:
> >
> > header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/
> > describe SNOWWHITE_VIRUS The snow white virus
> > score SNOWWHITE
On Fri, 8 Mar 2002, Daniel Pittman wrote:
>
> ...and should I mention that I regularly see non-SPAM from about half of
> those domains in lists that I am on?
I think that's the nub really - you're going to see false positives with
this rule, and the corpus may or may not show that up depending o
On Thu, 7 Mar 2002, Matthew Cline wrote:
> In HTTP_CTRL_CHARS_HOST and PORN_4, there is no "?" after "https", so it
> never matches "http://";. I'm curious as to how many spamm messages include
> an https URI; I've never seen any.
Nice catch, thanks. I've not seen many https URI's, but I don't
On Thu, 7 Mar 2002, Bart Schaefer wrote:
> On Thu, 7 Mar 2002, Timothy Demarest wrote:
>
> > Additionally, we have a goofy perl install with the prefix of [...] Is
> > there a way that SpamAssassin could use the perl prefix when searching
> > in addition to the hardcoded defaults?
>
> lib/Mail/Sp
On Fri, 8 Mar 2002, Rob McMillin wrote:
> Matthew Cline wrote:
>
> >Currently the rule is:
> >
> > uri REMOVE_PAGE /^https?:\/\/[^\/]+\/remove/
> >
> Aside: could this be written as
>
> uri REMOVE_PAGE m(^https?://[^/]+/remove)
>
> to avoid "flying slashes"?
No, because of the way SA par
On Fri, 8 Mar 2002, Bart Schaefer wrote:
> On Fri, 8 Mar 2002, Matt Sergeant wrote:
>
> > On Thu, 7 Mar 2002, Bart Schaefer wrote:
> >
> > > On Thu, 7 Mar 2002, Timothy Demarest wrote:
> > >
> > > > Additionally, we have a goofy perl install with
On Fri, 8 Mar 2002, Michael Shields wrote:
> In article <[EMAIL PROTECTED]>,
> Daniel Pittman <[EMAIL PROTECTED]> wrote:
> >> Low-hanging fruit, though it's out of date these days, catch
> >> the snowhite virus since it's there:
> >>
> >> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL
On Fri, 8 Mar 2002, Michael Shields wrote:
> > How would you, for example, propose to catch a polymorphic executable
> > virus? Our code catches these using a disassembler and examining the code
> > to see if it tries to do something malicious.
>
> I don't really care what the code is trying to d
On Fri, 8 Mar 2002, Craig Hughes wrote:
> Yes, that might be a little high
I would suggest that we be extremely careful about checks that get given
a score over 5. Part of the beauty of SpamAssassin (and heuristics in
general) is that usually a hit just contributes to the overall score, but
does
On Fri, 8 Mar 2002, Greg Ward wrote:
> On 08 March 2002, Craig Hughes said:
> > I think for this setup, where most of the addresses are not mapped in
> > /etc/passwd (and so have no ~ directory), you should look at storing the
> > configurations in a database and use the SQL stuff.
>
> Blech. I
On Fri, 8 Mar 2002, Rodent of Unusual Size wrote:
> Greetings! I'm just getting started with SA, so please pardon
> any FAQs. I *did* search the archives first, though.. no joy.
>
> I've installed SA 2.01 and Mail::Audit 2.1 on an RH 5.2 system
> running Perl 5.6.1. Mail::Internet is from Mail
On Fri, 8 Mar 2002, Craig Hughes wrote:
> On 3/8/02 12:37 PM, "Timothy Demarest" <[EMAIL PROTECTED]> wrote:
>
> > --On Friday, March 08, 2002 12:06 PM -0800 Craig Hughes
> > <[EMAIL PROTECTED]> wrote:
> >
> >> Apart from reservation number (1) above, I'd be very happy to have SA Do
> >> The Right
On Sun, 10 Mar 2002, Rob McMillin wrote:
> Charlie Watts wrote:
>
> >On Sat, 9 Mar 2002, Rob McMillin wrote:
> >
> >>
> >>s/b
> >>
> >> return $subject cmp uc($subject);
> >>
> >>
> >>
> >
> >'s OK, I'll share my prize with you. Everybody goes home a winner here at
> >"The Regex is Right!"
> >
>
On Mon, 11 Mar 2002, Charlie Watts wrote:
> On Mon, 11 Mar 2002, Matt Sergeant wrote:
> >
> >
> > Wouldn't an easier fix be:
> >
> > /^([A-Z]|[^a-z])*$/
>
> That's just way too simple, Matt. Let's try for something more
> complicate
On Mon, 11 Mar 2002, Theo Van Dinter wrote:
> On Mon, Mar 11, 2002 at 02:26:42PM +0000, Matt Sergeant wrote:
> > I think the original intention of the count was to make sure we had at
> > least three upper case chars, in which case you could get away with:
> >
> > /^(
On Tue, 12 Mar 2002, Charlie Watts wrote:
> In my spam collection, they're all already caught by the DNS blacklists -
> but some of y'all aren't using the blacklists.
>
> I'm seeing more and more of a strange phenomenon - spam with no body.
Are you sure it's spam and not one of the spates of vir
On Tue, 12 Mar 2002, Charlie Watts wrote:
> > > Does anybody get legit mail with no body?
> >
> > Yep, and I send a lot too (just mailing each other files in the office
> > would be one example, and my mail hits the smtp server due to the way it's
> > setup here (I refuse to use Outlook)).
>
> No
On Tue, 12 Mar 2002, Charlie Watts wrote:
> On Tue, 12 Mar 2002, Matt Sergeant wrote:
>
> > On Tue, 12 Mar 2002, Charlie Watts wrote:
> >
> > > > > Does anybody get legit mail with no body?
> > > >
> > > > Yep, and I send a lot too (jus
On Tue, 12 Mar 2002, Craig R Hughes wrote:
> Olivier Nicole wrote:
>
> > I also noticed the following error message while mass-check was running:
> >
> > Malformed UTF-8 character (unexpected non-continuation byte 0xc3 after
> > start byte 0xe4) in substitution iterator at
> > ../lib/Mail/SpamAss
On Wed, 13 Mar 2002, Olivier Nicole wrote:
> > Perl 5.6.0 by any chance? Upgrade.
>
> This is perl, v5.6.1 built for i386-freebsd
Then it's probably the lines above that convert numeric entities into
their actual characters. Can you check the email in question for numeric
entities?
--
Matt.
<:
Geoff Gibbs wrote:
>>uri PORN_4
>>
>/^https?:\/\/[\w\.]*(?:xxx|sex|anal|slut|pussy|cum|nympho|suck|porn|hardcore|tab
>oo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|eroti
>c|lust|panty|panties)\w*\./
>
>I believe that the current version of PORN_4 (2.11) is triggered
Geoff Gibbs wrote:
>Matt Sergeant replied:
>
>>>I believe that the current version of PORN_4 (2.11) is triggered by :-
>>>
>>>http://www.essex.ac.uk/
>>>
>
>>Good. That means SpamAssassin is working ;-)
>>
>
>I am not sure that the
Jim Paris wrote
>Maybe all I want/need is an option to have SpamAssassin spit out the
>report and let me deal with it externally. 'spamc -c' comes close,
>but I'm still missing the report if I do that. Maybe a 'spamc -C'
>would be in order. Then, I can MIME-mangle and spam-bounce all I'd
>like
CertaintyTech - Ed Henderson wrote:
>I am very pleased with SA and the job it is doing. Good job to all!
>
>But...In my situation if SA makes a false positive it is often on mailing
>list type emails. Perhaps a user has suscribed to a joke of the day or some
>hobby list, etc... Has anyone deve
1 - 100 of 330 matches
Mail list logo
