Re: fired rules count ..rule

2012-03-02 Thread Amedeo Rinaldo
On 02/03/2012 12:13, Martin Gregorie wrote: On Fri, 2012-03-02 at 00:52 +0100, Amedeo Rinaldo wrote: ..[cut].. I cannot write tons of "meta __FLAG_X (!THIS_RULE && !THIS_OTHER_RULE && ..)" I need some sort of match like "if AllFiredRules in (RuleA, RuleB, RuleC, ...) -> raise __FLAG_Y".

Re: Spam from Moniker Privacy Services.

2012-03-02 Thread Frank Chan
Here are some samples of this spam in pastebin: http://pastebin.com/djidF7dg http://pastebin.com/DQan00ve http://pastebin.com/1PizAzMv http://pastebin.com/Hd6vVpYi Thank you, Frank On 02-03-2012 14:31, Jeremy McSpadden wrote: Pastebin some emails + headers -- Jeremy McSpadden Flux Labs, Inc h

Re: Spamassassin detect my mails as spam

2012-03-02 Thread RW
On Thu, 1 Mar 2012 16:18:56 +0100 Michelle Konzack wrote: > Hello RW, > > On 2012-02-25 22:42:47, you hacked down the following: > > I think that this is pretty conclusive that it's nothing to do with > > Spamassassin. It doesn't look anything like what I'd expect for a > > Spamassassin-based r

Spam from Moniker Privacy Services.

2012-03-02 Thread Frank Chan
I'm getting a bunch of spam from Moniker Privacy Services & other domain privacy services but they seem to host their smtp servers everywhere in the world (mostly in the US) and below are some examples of what I got when I did a whois on some of the domains: a-trigano.com 66.197.198.131 OrgName:

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Benny Pedersen
On 2012-03-02 18:15, Jeremy McSpadden wrote: Leap Year sure ? # # Copyright 2012 Nordea # body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA && !SPF_PASS) describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA && !SPF_PASS score PHISHMAIL_NORDEA 3.0 if s

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Jeremy McSpadden
Leap Year -- Jeremy McSpadden On Mar 2, 2012, at 11:11 AM, "Benny Pedersen" wrote: > On 2012-03-02 17:50, Axb wrote: >> On 03/02/2012 05:36 PM, Benny Pedersen wrote: >>> just a note to whom it might concern :) >> why no pastebin a sample? > > february had 29 days this year ? > > its being r

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Benny Pedersen
On 2012-03-02 17:50, Axb wrote: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample? february had 29 days this year ? it's being resolved, sorry for the noise

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Axb
On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample?

Re: uribl lastminute.com listed in uribl white and is now used for nordea phishiing mails

2012-03-02 Thread Benny Pedersen
On 2012-03-02 17:40, Jeremy McSpadden wrote: Ha. Nice be nice to an old man -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, "Michael Scheidell" wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o:

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Simon Loewenthal
It was a last minute decision. Jeremy McSpadden wrote: >Ha. Nice > > >-- >Jeremy McSpadden > >On Mar 2, 2012, at 10:38 AM, "Michael Scheidell" > wrote: > >> On 3/2/12 11:36 AM, Benny Pedersen wrote: >>> just a note to whom it might concern :) >>> >> phisting? >> >> OUCH. >> >> >> -- >> Mich

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Jeremy McSpadden
Ha. Nice -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, "Michael Scheidell" wrote: > On 3/2/12 11:36 AM, Benny Pedersen wrote: >> just a note to whom it might concern :) >> > phisting? > > OUCH. > > > -- > Michael Scheidell, CTO > o: 561-999-5000 > d: 561-948-2259 > >*| *SECNAP Network

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Michael Scheidell
On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Com

uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Benny Pedersen
just a note to whom it might concern :)

Re: matching charset

2012-03-02 Thread Tom Kinghorn
On 02/03/2012 14:21, Kevin A. McGrail wrote: On 3/2/2012 1:13 AM, Tom Kinghorn wrote: morning list 9 1 is essentially the Western charset. I don't think you'll find it indicative of much spam or ham. regards, KAM Thanks to all who have replied. I am going to add the charset as part of a m

Re: matching charset

2012-03-02 Thread Kevin A. McGrail
On 3/2/2012 1:13 AM, Tom Kinghorn wrote: morning list Please could you advise as to how I would match this charset (iso-8859-1) I would like to include it as part of a meta-test for phishing however, my attempts have failed. Hi Tom, A - The charset in the second half isn't a header. It's p

Re: matching charset

2012-03-02 Thread Martin Gregorie
On Fri, 2012-03-02 at 08:13 +0200, Tom Kinghorn wrote: > morning list > > Please could you advise as to how I would match this charset (iso-8859-1) > Are you using the MimeMagic plugin? IIRC you need it to test MIME headers. Martin

Re: fired rules count ..rule

2012-03-02 Thread Martin Gregorie
On Fri, 2012-03-02 at 00:52 +0100, Amedeo Rinaldo wrote: > (sorry for this 'thread up') > > -- -- > > I wrote.. > > > ..[cut].. > > And now the real answer to you Martin.. > > I cannot write tons of "meta __FLAG_X (!THIS_RULE && !THIS_OTHER_RULE && > > ..)" > > I need some sort of match like "