> > Any domain names in a phishing email code are most likely going to be legit
> > domain names such as, ebay.com, bankofamerica.com, southtrustbank.com etc.
> > These are the domains visible to the target/sucker.
On the other hand, I just got a phish insisting I had to update my
wellsfargo acco
On Sunday, July 31, 2005, 10:39:14 AM, Greg Allen wrote:
> People who do phishing are going to change their IP address (IP where the
> actual target/sucker is sent) frequently. They are also probably going to
> use random and ever changing computer IPs outside the US for obvious legal
> reasons. Ma
On Sunday, July 31, 2005, 3:52:53 AM, Herb Martin wrote:
> Presumably -- now you have me interested so I am going to check
> -- ClamAV does more than a naive pattern match on the URI and
> apparently they even have (had) endless debates in the ClamAV
> newsgroups/lists on this subject.
Sure, and a
> what is the \b for?
Word break. There has to be a space or some other "non-word" character
following the things in parens. Which is why peinss manages to not be hit.
Word breaks are usually used to keep from hitting on unexpected things, like
the middle of a word that is benign. Offhand I'm
From: "Herb Martin" <[EMAIL PROTECTED]>
> > -Original Message-
> > From: jdow [mailto:[EMAIL PROTECTED]
> >
> > From: "Herb Martin" <[EMAIL PROTECTED]>
> >
> > > * -3.5 HM_URIBL_SC_DBL Prevent SC-SC2 double score
> > > * -2.5 HM_URIBL_SC_XS Prevent SC-XS double score
> >
> > Just set
Herb Martin wrote:
Looking over the scores, BODY_ENH seems to score 0 when network tests
are enabled, so it would miss during network problems
Wolfgang Hamann
WHAT SARE rules are you running. Some are good for drug spam
and some are not.
I am running ALL of the following in additi
From: "Herb Martin" <[EMAIL PROTECTED]>
> I am running ALL of the following in addition to a few things
> and some rescoring in my local.cf. I am NOT running the either
> of the two large blacklists for URIs etc. since my SpamD seems to
> get "memory sick" when they run (over a Meg each):
>
> 6
That doesn't turn up anything either. I've got a vanilla, out-of-the-box
set of configs. :\
On Sun, 31 Jul 2005, Loren Wilton wrote:
> > The problem is still happening. I'm willing to downgrade if you think
> > that'll solve the problem.
>
> No, this is probably something else. I'd grep your va
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 31, 2005 12:14 PM
> To: users@spamassassin.apache.org
> Subject: Re: unwanted breakthrough
>
> From: "Herb Martin" <[EMAIL PROTECTED]>
>
> > * -3.5 HM_URIBL_SC_DBL Prevent SC-SC2 double score
> > * -2.5 HM
> > Looking over the scores, BODY_ENH seems to score 0 when network tests
> > are enabled, so it would miss during network problems
> >
> > Wolfgang Hamann
>
> WHAT SARE rules are you running. Some are good for drug spam
> and some are not.
I am running ALL of the following in addition
At 08:48 AM 7/31/2005, Loren wrote:
My guess, without looking at the rules in question, is simply that a smarter
spammer played around until he found two specific mis-spellings that would
not be caught by the obfuscated drugs and body parts tests, and then used
those and only those two.
Exactly
>>
>> I agree, we definitely need SURBL black lists. They have helped tremendously
>> against spam! I just feel that it would be chasing one's tail a bit to try
>> to catch phishing in SURBL.
>>
>> People who do phishing are going to change their IP address (IP where the
>> actual target/sucker i
I agree, we definitely need SURBL black lists. They have helped tremendously
against spam! I just feel that it would be chasing one's tail a bit to try
to catch phishing in SURBL.
People who do phishing are going to change their IP address (IP where the
actual target/sucker is sent) frequently. Th
Matt Kettler wrote:
>Magnus Holmgren wrote:
>>Kai Schaetzl wrote:
>>>Magnus Holmgren wrote on Thu, 28 Jul 2005 09:06:20 +0200:
>>>
In other words, is there a way to bypass the 3 points minimum for header
and body? (Why isn't that limit configurable, by the way?)
>>>
>>>It's trying to preve
From: <[EMAIL PROTECTED]>
> Hi Herb,
>
> thanks for the quick reply. I am not really concerned about the lack of dns result
> (when I retest this, I get ample points from various dns sources)
> Maybe it was really brand new when I received it, or I might have had a temporary
> network glitch. (I a
From: "Herb Martin" <[EMAIL PROTECTED]>
> * -3.5 HM_URIBL_SC_DBL Prevent SC-SC2 double score
> * -2.5 HM_URIBL_SC_XS Prevent SC-XS double score
Just set these scores to 0.1 or something tiny like that. Setting them
to minus scores them minus, which you do not want.
{^_^}
I'm running Net::DNS 0.53, which installed cleanly on my system.
I've also cleaned out any errors generated by sa --lint.
The problem is still happening. I'm willing to downgrade if you think
that'll solve the problem.
Thanks,
Chris
On Sat, 30 Jul 2005, Loren Wilton wrote:
> > ul 30 19:13:29
My guess, without looking at the rules in question, is simply that a smarter
spammer played around until he found two specific mis-spellings that would
not be caught by the obfuscated drugs and body parts tests, and then used
those and only those two.
The solution here is going to be to fix up som
> ClamAV is designed to protect against viruses. While their
> anti-phishing function works well, phishes and spam are not
> viruses. They probably felt the need to do something because
> the phishing threat is pretty serious, or can be if people
> get tricked by them, but we've had a SURBL p
Hi Herb,
thanks for the quick reply. I am not really concerned about the lack of dns result
(when I retest this, I get ample points from various dns sources)
Maybe it was really brand new when I received it, or I might have had a temporary
network glitch. (I am in fact running on ADSL, with a
On Saturday, July 30, 2005, 11:47:40 PM, Greg Allen wrote:
> It seems like this would be a hard thing to do by IPs. If you were to use
> Clamav and the Spamassassin hook (see wiki for it), you may get better near
> real-time phishing protection. That is what I do here any way. I give Clamav
> a 100
> for some reason the spam sample at
> http://wolfgang.remsnet.de/medspam.txt
> is only classified by html rules, and by various dns tests,
> but the common drugs and human body part rules missed it.
> Anyone would have an idea why this is so?
>
> I am running 3.0.4 default rules, plus a few SAR
Hi,
for some reason the spam sample at
http://wolfgang.remsnet.de/medspam.txt
is only classified by html rules, and by various dns tests, but the common
drugs and human body part rules missed it. Anyone would have an idea why this is so?
I am running 3.0.4 default rules, plus a few SARE ones
Hi,
I installed qmail (only for smtp proxy) + spamassassin (userpref,
bayes, awl store in mySQL). I use spamd and spamc to scan every email,
but how can spamc scan email with personal configuration after scan
with global configuration ?
I want my user can configure bayesian, userpref, or awl for
At 07:17 PM 7/30/2005, Chris Martino wrote:
Hello,
I've just upgraded my SA from 2.50 to 3.04, however the new installation
seems to be generating a few errors when checking mail. I'm using SA with
qmail-scanner 1.25 with spamd and spamc. When an email is getting scanned
I get these errors in
25 matches