On Fri, 12 May 2023, Loren Wilton wrote:
But I was more interested if SA already has something like that?
It does not.
Weren't there a whole set of "FUZZY" rules once?
There still are.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.org
On Fri, 12 May 2023, Matija Nalis wrote:
I wonder if someone has already done it, and something sufficiently
similar to be used to that purpose?
There are a lot of ReplaceTags rules in the base ruleset.
I don't know if offhand that works with header rules.
--
John Hardin KA7OHZ
But I was more interested if SA already has something like that?
It does not.
Weren't there a whole set of "FUZZY" rules once? I'm pretty sure that they
looked for words in in the subject and maybe body of the email that had
exactly this sort of obfuscation. I don't think they were applied t
On 2023-05-12 at 15:16:59 UTC-0400 (Fri, 12 May 2023 21:16:59 +0200)
Matija Nalis
is rumored to have said:
> But I was more interested if SA already has something like that?
It does not.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com a
On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote:
> > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote:
> > > On Fri, 12 May 2023, Matija Nalis wrote:
> > > > That is because those domains are not EQUAL? Od did you wanted a
> > > > rule that checks only on SIMILAR domain names
On Fri, May 12, 2023 at 11:57:57AM -0400, Alex wrote:
> I'm curious what people think of URL rewriting or otherwise having some
Such rewriting would break digital signatures, and would not work at
all e.g. on encrypted e-mails.
> kind of idea of whether a URL could or should be scanned at some la
Hi all,
I'm curious what people think of URL rewriting or otherwise having some
kind of idea of whether a URL could or should be scanned at some later time
to determine if it's potentially malicious at the current time where it may
not have been initially?
Is anyone implementing that in open sour
On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote:
> On Fri, 12 May 2023, Matija Nalis wrote:
> > That is because those domains are not EQUAL? Od did you wanted a
> > rule that checks only on SIMILAR domain names (e.g. with lowercase
> > letter "L" replaced with number "1" as in your exampl
On Fri, 12 May 2023, Matija Nalis wrote:
On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote:
I was wondering if spamassassin is applying some sort of algorithm to
comparing sender domain against recipient domain to detect a phishing
attempt?
[snip..]
That is because those domains are not
On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote:
> > > I was wondering if spamassassin is applying some sort of algorithm to
> > > comparing sender domain against recipient domain to detect a phishing
> > > attempt?
> >
> > There is a suite of meta rules and subrules with names containing
> >
On Fri, May 12, 2023 at 08:31:19AM -0400, Greg Troxel wrote:
>
> It might be more common, but it's very surprising to me, because the
> manual page documents that () works
Let's face it, lot of the stuff in SA including documentation is probably
over decade old. And documentation is always the l
Henrik K writes:
> On Fri, May 12, 2023 at 07:12:35AM -0400, Greg Troxel wrote:
>> Henrik K writes:
>>
>> > From what I've seen, it's very uncommon to use this format. Why rely on
>> > some vague previously defined score, which can change at any time? Just
>> > set
>> > a static score you li
On Fri, May 12, 2023 at 07:12:35AM -0400, Greg Troxel wrote:
> Henrik K writes:
>
> > From what I've seen, it's very uncommon to use this format. Why rely on
> > some vague previously defined score, which can change at any time? Just set
> > a static score you like and fits your system.
>
> It
Henrik K writes:
> From what I've seen, it's very uncommon to use this format. Why rely on
> some vague previously defined score, which can change at any time? Just set
> a static score you like and fits your system.
It's not vague; it's the score which is defined by the distributed
rules.
My
14 matches
Mail list logo
