Re: PDF spam

Alex, >> What is the name of the plugin you're referring to? It's not PDFInfo, >> correct? It's called Pdf.pm (note the unusual capitalization) or PDFassassin and starts with something saying: # PDF scan, inspired by Ocr.pm # For more details see # http://blog.atmail.com/?p=61 I cannot remem

Re: PDF spam

Am 04.04.2016 um 01:18 schrieb Martin Gregorie: On Sun, 2016-04-03 at 21:01 +0200, Reindl Harald wrote: Am 03.04.2016 um 20:56 schrieb Martin Gregorie: None of these file extensions appear in my dangerous attachments rule. Maybe .DOC should be included, but it isn't and I simply don't remem

Re: PDF spam

On Sun, 2016-04-03 at 17:42 -0400, Alex wrote: > > Do you have any rules for your fake invoice detection (perhaps > pseudocode?) that you'd like to share? > Not as concrete rules, partly because, just as everybody's spam streams are different, so my specific rules probably won't work for your spa

Re: PDF spam

On Sun, 2016-04-03 at 21:01 +0200, Reindl Harald wrote: > > > Am 03.04.2016 um 20:56 schrieb Martin Gregorie: > > > > > > None of these file extensions appear in my dangerous attachments > > rule. > > Maybe .DOC should be included, but it isn't and I simply don't > > remember > > if MSWord supp

Re: PDF spam

Hi, On Sun, Apr 3, 2016 at 2:56 PM, Martin Gregorie wrote: > OK, I've analysed this a bit further. I did some searching, using the 4 > word phrase which, unless I'm totally confused, is the one I've picked > out of your piece of spam and added into my fake invoice detection > ruleset. Just now I

Re: PDF spam

Am 03.04.2016 um 20:56 schrieb Martin Gregorie: None of these file extensions appear in my dangerous attachments rule. Maybe .DOC should be included, but it isn't and I simply don't remember if MSWord supported macros back then (2004) MS word supports macros for more than a decade with OOXML

Re: PDF spam

On Sun, 2016-04-03 at 09:47 -0400, Alex wrote: > Hi, > > > > > > > > > There's very little text in the body, so I suspect that's why > > > bayes > > > is confused. PDF invoices and conversations involving "payment" > > > and > > > "invoice" are not all that uncommon. > > > > > True, but this ty

Re: PDF spam

Hi, >> There's very little text in the body, so I suspect that's why bayes >> is confused. PDF invoices and conversations involving "payment" and >> "invoice" are not all that uncommon. >> > True, but this type of spam often contains odd or somewhat archaic > phrases. I find that a local rule that

Re: PDF spam

On 1 Apr 2016, at 13:25, Alex wrote: > There's very little text in the body, so I suspect that's why bayes is > confused. PDF invoices and conversations involving "payment" and > "invoice" are not all that uncommon. Ones which aren't sent to anyone in particular are quite rare. (but since I just

Re: PDF spam

Alex, > Has anyone else seen an increase in PDF invoice spam with just a link > in it? The centurylink IP is now blacklisted, but obviously it wasn't > when this was received. The link contained in the PDF has also already > been disabled, but obviously wasn't when this was received. > > I'd reall

Re: PDF spam

> On Apr 1, 2016, at 4:11 PM, Martin Gregorie wrote: > > On Fri, 2016-04-01 at 13:25 -0400, Alex wrote: >> Hi all, >> >> Has anyone else seen an increase in PDF invoice spam with just a link >> in it? The centurylink IP is now blacklisted, but obviously it wasn't >> when this was received. The

Re: PDF spam

On Fri, 2016-04-01 at 13:25 -0400, Alex wrote: > Hi all, > > Has anyone else seen an increase in PDF invoice spam with just a link > in it? The centurylink IP is now blacklisted, but obviously it wasn't > when this was received. The link contained in the PDF has also > already > been disabled, but

Re: PDF-Spam passing SA

Hey, Ninja, how can I be sure that my PDFInfo plugin works ? When I pass it through SA it reports that it is unlikely spam: Content analysis details: (-0.1 points, 5.0 required) pts rule name description -- ---

Re: PDF-Spam passing SA

But funny thing, my SA can't filter PDF spam if it was sent in regular way. I mean it passes it throught without scoring it. Yours was triggered as spam when I checked it with: spamassassin -t -D < message.eml Eugene Starckjohann, Ove wrote: > > Hi! > > The following PDF-Spam is passing thro

Re: PDF-Spam passing SA

I checked this email against my SA, this is what I've got: Content analysis details: (10.1 points, 5.0 required) pts rule name description -- -- -1.8 ALL_TRUSTEDPassed through trusted hosts only

Re: PDF-Spam passing SA

On 8/8/2007 10:54 AM, Starckjohann, Ove wrote: Hi! The following PDF-Spam is passing through: http://ghds.de/20070808074441242.eml.txt System ist Debian Sarge with SA 3.1.7. I'm already using: PDFInfo 0.7 80_additional.cf Anyone scoring over 5? How to get it caught ? With PDFinfo you can g

Re: PDF spam

Hi! Personally, I've been able to keep them under control with good bayes training, automated training by spamtraps, and a selective greylist, so I have not yet tried this plugin. Plugin seems to work great, but is it stable enough for big production environments ? Any issues ? It sure is.

RE: PDF spam

-Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Thursday, July 19, 2007 11:06 AM To: users@spamassassin.apache.org Subject: Re: PDF spam On Thu, Jul 19, 2007 at 12:50:05PM +0530, Tarak Ranjan wrote: > i'm getting pdf attached spam. please help me stop th

Re: PDF spam

On Thu, Jul 19, 2007 at 12:50:05PM +0530, Tarak Ranjan wrote: > i'm getting pdf attached spam. please help me stop that using > spamassassin... Are you using sa-update? -- Randomly Selected Tagline: "Shell programming can be a difficult lesson in frustration." - Linux Refer

Re: PDF spam

Gene Heskett skrev: On Thursday 19 July 2007, R.Smits wrote: Matt Kettler wrote: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium is designed for this kind o

Re: PDF spam

Matt Kettler wrote: > Tarak Ranjan wrote: >> greetings, >> i'm getting pdf attached spam. please help me stop that using >> spamassassin... >> >> Horacio_FILE_506292_6906.pdf >> >> /tarak >> >> > The PDFInfo plugin from rulesemporium is designed for this kind of > thing. > > http://www.rulese

Re: PDF spam

On Thursday 19 July 2007, R.Smits wrote: >Matt Kettler wrote: >> Tarak Ranjan wrote: >>> greetings, >>> i'm getting pdf attached spam. please help me stop that using >>> spamassassin... >>> >>> Horacio_FILE_506292_6906.pdf >>> >>> /tarak >> >> The PDFInfo plugin from rulesemporium is designed for t

Re: PDF spam

On Thu, 19 Jul 2007 at 07:41 -0500, [EMAIL PROTECTED] confabulated: R.Smits wrote: Matt Kettler wrote: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium

Re: PDF spam

R.Smits wrote: Matt Kettler wrote: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium is designed for this kind of thing. http://www.rulesem

Re: PDF spam

Yet Another Ninja skrev: On 7/19/2007 1:10 PM, Anders Norrbring wrote: Matt Kettler skrev: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium is designed fo

Re: PDF spam

On 7/19/2007 1:10 PM, Anders Norrbring wrote: Matt Kettler skrev: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium is designed for this kind of thing. ht

Re: PDF spam

Matt Kettler wrote: > Tarak Ranjan wrote: >> greetings, >> i'm getting pdf attached spam. please help me stop that using >> spamassassin... >> >> Horacio_FILE_506292_6906.pdf >> >> /tarak >> >> > The PDFInfo plugin from rulesemporium is designed for this kind of thing. > > http://www.rulesemp

Re: PDF spam

Matt Kettler skrev: Tarak Ranjan wrote: greetings, i'm getting pdf attached spam. please help me stop that using spamassassin... Horacio_FILE_506292_6906.pdf /tarak The PDFInfo plugin from rulesemporium is designed for this kind of thing. http://www.rulesemporium.com/plugins.htm Persona

Re: PDF spam

Tarak Ranjan wrote: > greetings, > i'm getting pdf attached spam. please help me stop that using > spamassassin... > > Horacio_FILE_506292_6906.pdf > > /tarak > > The PDFInfo plugin from rulesemporium is designed for this kind of thing. http://www.rulesemporium.com/plugins.htm Personally, I've

Re: PDF spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tarak Ranjan wrote: > greetings, > i'm getting pdf attached spam. please help me stop that using > spamassassin... > > Horacio_FILE_506292_6906.pdf > > /tarak > Hey, you can use the PDFInfo plugin for spamassassin (http://www.rulesemporium.com/pl

Re: pdf spam solution idea

arni wrote: Hi, its come up several times now that people ask for a way to directly detect pdf spam by the pdf content and not only through headers or other means (hashes, bayes). I've found a solution that should be pretty easy to realise in a Fuzzy-OCR like plugin. Here is what it should do