Re: Vista Obfuscation

2008-02-28 Thread Samuel Krieg
Karsten Bräckelmann a écrit : If you want to enforce a non-word char preceding this, the \W is fine. However, the alternate anchor at the beginning of the string probably will be rather useless. From the fine docs [1], body rule definitions: "All HTML tags and line breaks will be removed befo

Re: Vista Obfuscation

2008-02-28 Thread Samuel Krieg
Karsten Bräckelmann a écrit : On Thu, 2008-02-28 at 14:26 +0100, Samuel Krieg wrote: I'm trying to create a rule to identify "\/ista" (with backslash + slash). This does not seem to work: bodyWNG_OBFUVISTA /\b\\\/ista\b/i The backslas

Vista Obfuscation

2008-02-28 Thread Samuel Krieg
Hi there, I'm trying to create a rule to identify "\/ista" (with backslash + slash). This does not seem to work: bodyWNG_OBFUVISTA /\b\\\/ista\b/i score WNG_OBFUVISTA 1 Any idea? Thanks. -- Samuel Krieg

Re: Spoofed URI's or fake websites ?

2007-07-05 Thread Samuel Krieg
I wrote this because of Jeff's phrase. If they are windows do an fdisk, format, etc. I think it's important to work on the OS that you know how to configure, secure and manage. Whatever system it is. I did not want to praise any system. I remain paranoid and monitor system logs, smtp queries

Re: Spoofed URI's or fake websites ?

2007-07-05 Thread Samuel Krieg
Jeff Chan a écrit : Quoting Samuel Krieg <[EMAIL PROTECTED]>: Hi I'm receiving some spam with links like http://www.somewebsite.tld/image.htm ( filename may differ like join.htm or shop.htm ). The uri redirects to another viagra website. But the somewebsite.tld looks like a norma

Spoofed URI's or fake websites ?

2007-07-05 Thread Samuel Krieg
les : http://www.apnalounge.com/shop.htm http://www.tvoftheabsurd.com/join.htm I need to understand how it works.. Is the hosting server beeing abused ? Any ideas/solutions ? Thank you. -- Samuel Krieg

Re: Spam reporting account

2007-05-30 Thread Samuel Krieg
Uwe Kiewel a écrit : Hi, I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into their mailbox, they can send it to the spam reporting account. A cron job looks into that account to train spamassassin.

Re: What score do you get on this Nigerian Scam?

2007-05-30 Thread Samuel Krieg
itself is protected from spam, and I don't think I've ever seen one come through. I use this (seen on this very mailing list) bayes_ignore_from [EMAIL PROTECTED] bayes_ignore_to [EMAIL PROTECTED] -- Sam -- Samuel Krieg

Re: What to do with spam?

2007-05-24 Thread Samuel Krieg
Hi (Holã), This is how I try to manage spam: Bayes: --- - I have a local folder located on the LAN where people of my company can put ".eml" or mbox spam/ham files ( actually I am the only one doing it because others users use M* Outlook). - Every hour a cron script uploads all these fil