Hi
i received a Spam Email with an Excel File as Atachment
may some one want to have a look on a sample
http://its-h.de/spam_sample/xls_spam.txt
--
IT Service Häker
Matthias Häker
Fettstr. 3
20357 Hamburg
Tel: +49 (0)40 98238807
Fax: +49 (0)40 52596583
Mob: +49 (0)176 65571482
On Mon, 16 Jul 2007, Robert Fitzpatrick wrote:
> On Mon, 2007-07-16 at 14:51 +0100, Alexis Manning wrote:
> > What are people getting for the following stock spam? Ones like this keep
> > scoring just under 5 for me.
>
> Same here, just under 5.0 and a lot...
>
> htt
On Mon, 2007-07-16 at 14:51 +0100, Alexis Manning wrote:
> What are people getting for the following stock spam? Ones like this keep
> scoring just under 5 for me.
>
Same here, just under 5.0 and a lot...
http://esmtp.webtent.net/clean-ZGw0SdPapnBE
Anyone able to catch these?
--
Robert
What are people getting for the following stock spam? Ones like this keep
scoring just under 5 for me.
I am running a good wodge of the SARE rules, Imageinfo, ixHash, FuzzyOCR,
Botnet, plus custom rules that penalise emails not sent directly to me and
those sent via various spammy countries
On Jul 6, 2007, at 05:39, [EMAIL PROTECTED] wrote:
just out of curiosity: would the codes WKN or ISIN (in the same mail)
make any sense, other than in the context of stocks?
http://www.google.com/search?q=ISIN+WKN
Results 1 - 10 of about 2,540,000 for ISIN WKN. (0.04 seconds)
Looks like Ger
just out of curiosity: would the codes WKN or ISIN (in the same mail)
make any sense, other than in the context of stocks?
Wolfgang
Robert Schetterer schrieb:
http://www.forbes.com/security/2007/06/20/stock-spam-internet-tech-security-cx_ag_0620spam.html
Got like 7 of them, all look pretty much like this:
X-Spam-Report:
* 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 0.9998
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi @ll,
here is some more info
http://www.forbes.com/security/2007/06/20/stock-spam-internet-tech-security-cx_ag_0620spam.html
- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
https://www.schetterer.org
Germany
-BEGIN PGP
amassassin 3.1.8 with some of the SARE
Rules.
Has anybody an idea what I can do to catch these Stock Spam?
We will add new rules to the SARE stock set to catch up with these.
Bye,
Raymond.
amassassin 3.1.8 with some of the SARE
Rules.
Has anybody an idea what I can do to catch these Stock Spam?
Bye
Stefan
pgpsAs0o9fPkA.pgp
Description: PGP signature
]
> Sent: 22 February 2007 15:33
> To: SpamAssassin List
> Subject: Re: Stock Spam Getting Through
>
> This might be identical to one I got today. I put it up clean at:
> http://2chronicles36.org/spam/stock.txt
>
> I'm also on 3.1.7 with latest update, all the net
This might be identical to one I got today. I put it up clean at:
http://2chronicles36.org/spam/stock.txt
I'm also on 3.1.7 with latest update, all the network tests, plus
FuzzyOcr.cf and KAM.cf, otherwise no extras.
Andy Figueroa
David Goldsmith wrote:
-BEGIN PGP SIGNED MESSAGE-
Ha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We're running SA 3.1.7 with most of the SARE rulesets, including
70_sare_stocks. We're using DCC, Pyzor and Razor. The 'X-SA-Exim-*'
headers are from the source, not us.
Any suggestions as to other tests/checks that could be done to bump the
scores
On 14-Feb-2007, at 16:43, Jonathan Nichols wrote:
http://www.pbp.net/~jnichols/spam2.txt
X-Spam-Status: Yes, score=12.2 required=5.0 tests=BOTNET,BOTNET_NORDNS,
HTML_FONT_BIG,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,
SARE_LWSHORTT,SARE_PROLOSTOCK_SYM3 autolearn=spam versi
* Jonathan Nichols wrote (15/02/07 05:19):
Maciej Friedel wrote:
On 02/14/07 Jonathan wrote:
http://www.pbp.net/~jnichols/spam2.txt
0.0 BOTNET_NORDNS IP address has no PTR record
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 BAYES_50
On Wed, 14 Feb 2007 22:41:45 -0500, Billy Huddleston wrote:
> Here is a one I've been getting.. I use a older version of spambot,
> SARE, and Network tests.. to no avail..
>
> http://www.pastebin.ca/356543
I get...
Content analysis details: (13.4 points, 4.9 required)
pts rule name
At 03:43 PM 2/14/2007, Jonathan Nichols wrote:
Ugh!
http://www.pbp.net/~jnichols/spam2.txt
I've been getting absolutely hammered with these spams. I had over
50 in my inbox this morning.
Any rulesets to deal with them? They're scoring lower and lower all
the time. The one I linked to scored
Maciej Friedel wrote:
On 02/14/07 Jonathan wrote:
http://www.pbp.net/~jnichols/spam2.txt
0.0 BOTNET_NORDNS IP address has no PTR record
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 BAYES_50 BODY: Bayesian spam probability is 40 to 6
Scored very highly for me
Content analysis details: (19.0 points, 5.0 required)
pts rule name description
--
--
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.7,ip=211.48.218.
Here is a one I've been getting.. I use a older version of spambot, SARE,
and Network tests.. to no avail..
http://www.pastebin.ca/356543
- Original Message -
From: "Brian Wilson" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, February 14, 2007 9:37 PM
Subject: [SPA
On Thu, 15 Feb 2007 02:48:44 +0100, Giampaolo Tomassoni wrote:
> Nah! You cheat! Bayes did already learn this message, right? :)
;DDD
Not intentionally... but we use bayes_auto_learn, so maybe it found it already.
Here's an idea for fun: run a "who scores the highest" competition. Put online
50
On Feb 14, 2007, at 8:48 PM, Giampaolo Tomassoni wrote:
From: Quinn Comendant [mailto:[EMAIL PROTECTED]
On Thu, 15 Feb 2007 01:18:46 +0100, Giampaolo Tomassoni wrote:
I think SARE and some network tests are even better (scores 11.5
with
my surprising Bayes :)
I agree, mine scored it in a
From: Quinn Comendant [mailto:[EMAIL PROTECTED]
>
> On Thu, 15 Feb 2007 01:18:46 +0100, Giampaolo Tomassoni wrote:
> > I think SARE and some network tests are even better (scores 11.5 with
> > my surprising Bayes :)
>
> I agree, mine scored it in a similar way:
>
> Content analysis details: (
On Thu, 15 Feb 2007 01:18:46 +0100, Giampaolo Tomassoni wrote:
> I think SARE and some network tests are even better (scores 11.5 with
> my surprising Bayes :)
I agree, mine scored it in a similar way:
Content analysis details: (11.5 points, 4.9 required)
pts rule name descripti
From: Maciej Friedel [mailto:[EMAIL PROTECTED]
>
> On 02/14/07 Jonathan wrote:
>
> > http://www.pbp.net/~jnichols/spam2.txt
>
> 0.0 BOTNET_NORDNS IP address has no PTR record
> 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 1.0 BAYES_50
On 02/14/07 Jonathan wrote:
> http://www.pbp.net/~jnichols/spam2.txt
0.0 BOTNET_NORDNS IP address has no PTR record
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5002]
5.0
Jonathan Nichols wrote:
Any rulesets to deal with them? They're scoring lower and lower all the
time. The one I linked to scored -2 :-(
It looks like it tripped BAYES_00. Have you been running these through
sa-learn as spam? That should help, to start.
--
Kelson Vibber
SpeedGate Communicat
Ugh!
http://www.pbp.net/~jnichols/spam2.txt
I've been getting absolutely hammered with these spams. I had over 50 in
my inbox this morning.
Any rulesets to deal with them? They're scoring lower and lower all the
time. The one I linked to scored -2 :-(
* 2.7 SARE_PROLOSTOCK_SYM4 BODY: Last week's hot stock scam
* 1.7 SARE_LWSYMFMT BODY: SARE_LWSYMFMT
I don't know if these SARE rules have been written since you posted this
email though...
Nope. They are rather old. About the same age as LW_STOCK_SPAM4 that is
annoying the Blackberry crow
Pardon my ignorance here, but it is full of mis-spellings and phrases that
you wouldn't normally see, so why not just hit those?
"aid you to know"
"C O S T"
"brroker"
"ama zing"
Peter
1) Most people can't spell these days. These phrases might hit all over the
place on ham.
2) These hadn't bee
Chris Santerre wrote:
> These guys are just rolling in scott free except for bayes.
> See http://2chronicles36.org/stock.txt
>
> I'm using 3.1.7 with latest sa-update + FuzzyOCR.cf & KAM.cf
I must say, that a pretty well done spam. Whoever wrote it put some
thought into the phrasing. This o
> >>
> >> These guys are just rolling in scott free except for bayes.
> >> See http://2chronicles36.org/stock.txt
> >>
> >> I'm using 3.1.7 with latest sa-update + FuzzyOCR.cf & KAM.cf
> >>
> >
> >I must say, that a pretty well done spam. Whoever wrote it put some
> thought
> >into the phrasing.
On 9/02/2007 at 10:06 AM Chris Santerre wrote:
>> -Original Message-
>> From: Andy Figueroa [mailto:[EMAIL PROTECTED]
>> Sent: Friday, February 09, 2007 9:31 AM
>> To: SpamAssassin Users List
>> Subject: More stock spam + strange cf files
>>
>>
> -Original Message-
> From: Andy Figueroa [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 09, 2007 9:31 AM
> To: SpamAssassin Users List
> Subject: More stock spam + strange cf files
>
>
> These guys are just rolling in scott free except for bayes.
> S
Andy Figueroa wrote:
> These guys are just rolling in scott free except for bayes.
> See http://2chronicles36.org/stock.txt
>
> I'm using 3.1.7 with latest sa-update + FuzzyOCR.cf & KAM.cf
>
> Oops, I just found the following in my /etc/mail/spamassassin
> directory, and I don't know where they cam
These guys are just rolling in scott free except for bayes.
See http://2chronicles36.org/stock.txt
I'm using 3.1.7 with latest sa-update + FuzzyOCR.cf & KAM.cf
Oops, I just found the following in my /etc/mail/spamassassin directory,
and I don't know where they came from:
tripwire.cf
random.cf
On Nov 29, 2006, at 6:16 PM, san wrote:
Yeah Giampaolo. with 3.1x it should be alright. But my superior is
still
stick to the old one..:(
Does he also use 3 year old antivirus software with no updates? At
least updating SA is pretty much zero cost other than a few minutes
of time.
ears that you aren't running either Bayes or network
> tests.
> Bayes_99 has always been a real good way to get rid of spam. Here it is
> 3.5
> points. On 2.6 I think it was closer to 4.0 points or maybe more. Note
> there is also another 7+ points to be had from networ
Thanks for ur inputs. when i put across SA this is what i get on my pc..
Content analysis details: (2.3 points, 4.5 required)
pts rule name description
--
--
1.0 Local_Signup BODY: Body mentions Sign
I am recieving lot of stock related spam mails which spam assassin is not
able catch as spam. I have added Sare_stcok.cf file. I cant use imageinfo,
fuzzy ocr as iam using 2.6o ver of spam assassin i think. I have enclosed
the undecoded letter mail of one kind below. Can you plz help me to make
th
> 0.5 HTML_TITLE_EMPTY BODY: HTML title contains no text
>
> It's time to switch to 3.1.7, San. Isn't it? :)
>
> giampaolo
>
>
>>
>>
>> Giampaolo Tomassoni wrote:
>> >
>> > From: san [mailto:[EMAIL PROTECTED]
&
It's time to switch to 3.1.7, San. Isn't it? :)
giampaolo
It was time a long time ago. :-)
The upgrade is good. sa-update is a useful tool.
t;
> > From: san [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday, November 29, 2006 11:33 PM
> >> To: users@spamassassin.apache.org
> >> Subject: Stock Spam
> >>
> >>
> >>
> >> Hi All,
> >>
> >> I am reci
message
0.5 HTML_TITLE_EMPTY BODY: HTML title contains no text
Giampaolo Tomassoni wrote:
>
> From: san [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, November 29, 2006 11:33 PM
>> To: users@spamassassin.apache.org
>> Subject: Stock Spam
>>
>>
>>
From: san [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 29, 2006 11:33 PM
> To: users@spamassassin.apache.org
> Subject: Stock Spam
>
>
>
> Hi All,
>
> I am recieving lot of stock related spam mails which spam assassin is not
> able catch as spam. I ha
.1.7, then use sa-update. 2.6x is ancient.
>
> --
> Randomly Selected Tagline:
> "A way out of financial mess is discovered as if by magic!"
> - stupid fortune cookie
>
>
>
--
View this message in context:
http://www.nabble.com/Stock-
On Wed, Nov 29, 2006 at 02:33:02PM -0800, san wrote:
> able catch as spam. I have added Sare_stcok.cf file. I cant use imageinfo,
> fuzzy ocr as iam using 2.6o ver of spam assassin i think. I have enclosed
> the undecoded letter mail of one kind below. Can you plz help me to make
> this kind of mai
qRQGqVI2qRUWqXA
IqUrZKVauqVcypNY+qVgKi1dOqZk6hZheqZoShZluqZsWkdpukBtGqdyShVvCqdzeqd4ehN1mkB5
WkB7yqd9GqiCihJ/ikCDGkCFmqiK+oGHN+o/i/qokBqpkjqplPpCjXqpmJqp91Op7KOpnvqpoGo9
nDqqpFqqpnqqqAp/obqqZJqqrhqmAQEAOw==
305E3064BA67--
--
View this message in context:
http://www.nabble.com/Stock-Spam-tf2728271.html#a7609498
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
most of the stock spam, but today I received a couple of spam peddling
> stocks of CHNC. This spam is so perfect that it's getting negative
> scores and not matchign any of the SARE rules. Any one with same
> experience?
>
> raj
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rajkumar S wrote:
> Hi,
>
> I am using the latest SARE stocks rules, and my spamassassin catches
> most of the stock spam, but today I received a couple of spam peddling
> stocks of CNHC. This spam is so perfect that it's getti
I seem to have exactly one for that stock today. It had so much obfuscation
that I missed it was a stock spam. However, one SARE rule hit, and one of
Theo's hit, along with the usual collection of network tests.
Loren
Hi,
I am using the latest SARE stocks rules, and my spamassassin catches
most of the stock spam, but today I received a couple of spam peddling
stocks of CNHC. This spam is so perfect that it's getting negative
scores and not matchign any of the SARE rules. Any one with same
experience?
raj
om: DAve [mailto:[EMAIL PROTECTED]
> Sent: 20 November 2006 17:41
> To: spamassassin
> Subject: Not all Stock Spam is bad
>
> I had my html turned on in my MUA this morning going through my spam
> box. I saw a stock spam with a background image designed to
> confuse OCR
> -Original Message-
> From: Jim Maul [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 20, 2006 2:36 PM
> To: spamassassin
> Subject: Re: Not all Stock Spam is bad
>
>
> DAve wrote:
> > Randal, Phil wrote:
> >> With FuzzyOCR 3.4.2 and using
Jason Haar wrote:
I'm having marvelous luck with FuzzyOCR - but the spammers are learning too.
When I first started using it just a couple of months ago, it really
whacked the image-based spam. You could see why when "gocr file.gif"
returned nice text that was easy to match against.
However, no
Title: RE: Stock spam in images
Greetings list,
The old timers on the list know I tend to try things outside the norm. Like my strong resistence to sitewide bayes. Well for months I've been using a simpler approach to these Stock Spams w/ images. I don't look at the im
I'm having marvelous luck with FuzzyOCR - but the spammers are learning too.
When I first started using it just a couple of months ago, it really
whacked the image-based spam. You could see why when "gocr file.gif"
returned nice text that was easy to match against.
However, now is a different mat
For Debian Users I've found the follow link, a step by step guide in
order to implement FuzzyOCR and ImageInfo with spamassassin.
http://www200.pair.com/mecham/spam/image_spam.html
Andrea
On Tue, October 3, 2006 00:01, Gary V wrote:
>> For installing the ImageInfo plugin where do you put the ImageInfo.pm
>> without defining a path? Im running CentOS4.4 & Fedora Core 5 as test
>> machines.
> This should find your Plugin directory (which is where you place it):
> find /usr -type d -
For installing the ImageInfo plugin where do you put the ImageInfo.pm
without defining a path? Im running CentOS4.4 & Fedora Core 5 as test
machines.
Thanks!
Wilson
This should find your Plugin directory (which is where you place it):
find /usr -type d -name Plugin
Gary V
> -Original Message-
> From: Randal, Phil [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 02, 2006 3:58 AM
> To: Dylan Bouterse; users@spamassassin.apache.org
> Subject: RE: Stock spam in images
>
> This has been covered so many times on this list.
>
> 1: if
On Mon, Oct 02, 2006 at 11:05:38AM -0500, Stuart Johnston wrote:
> Would it also be possible to create a rule that matches on text rendered
> specifically from a non-text part and not the whole body? That way you
You'd have to do that in a plugin, but otherwise, sure. There's currently no
meth
ge- From: Dylan Bouterse
>> [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 14:38 To:
>> users@spamassassin.apache.org Subject: Stock spam in images
>>
>> I'm a newbie to the list and have been scanning recent posts to
>> see if what I'm about to ask about ha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo Van Dinter wrote:
> On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
>>> undetected). Wouldn't it be better to inject the detected
>>> text back to SA? There should be enough variants of spam
>>> worlds to let SA fuzzily catch the one
> > ...omissis...
> >
> > How about the FuzzyOCR plugin? That has been discussed quite a bit
> > here recently.
> >
> > http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
> >
> > --
> > Bowie
>
> And, by the way, it seems to work!
>
> Actually, the only limit I see is the own-made FuzzyOcr.words
>
ike SA 3.2 will let us do that in a sane manner.
>
> Phil
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -Original Message-
> > From: Fabien GARZIANO [mailto:[EMAIL PROTECTED]
> > Sent: 02 October 2006 16:1
The real problem is the potentially fuzzy output from the ocr engine: shure all
the copies of the very same spam would be detected the same, but what about
slightly different copies? Would the "use the sa force" approach be feasible?
The use of String::Approx in fuzzyocr has shurely a meaning, b
. Was bugging me.
:)
-Original Message-
From: Dylan Bouterse [mailto:[EMAIL PROTECTED]
Sent: Monday, October 02, 2006 9:38 AM
To: users@spamassassin.apache.org
Subject: Stock spam in images
I'm a newbie to the list and have been scanning recent posts to see if what
I'm abou
ner.
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: Fabien GARZIANO [mailto:[EMAIL PROTECTED]
> Sent: 02 October 2006 16:11
> To: users@spamassassin.apache.org
> Subject: RE: Stock spam in images
>
>
> Too bad
Stuart Johnston wrote:
Theo Van Dinter wrote:
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
undetected). Wouldn't it be better to inject the detected text back
to SA? There should be enough variants of spam worlds to let SA
fuzzily catch the ones from images.
I think so.
Theo Van Dinter wrote:
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
undetected). Wouldn't it be better to inject the detected
text back to SA? There should be enough variants of spam
worlds to let SA fuzzily catch the ones from images.
I think so. Some of the words would be p
sleep
-Message d'origine-
De : Randal, Phil [mailto:[EMAIL PROTECTED]
Envoyé : lundi 2 octobre 2006 16:19
À : users@spamassassin.apache.org
Objet : RE: Stock spam in images
Giampaolo Tomassoni wrote:
> And, by the way, it seems to work!
>
> Actually, the only limit I
> On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
> > > undetected). Wouldn't it be better to inject the detected
> > > text back to SA? There should be enough variants of spam
> > > worlds to let SA fuzzily catch the ones from images.
> >
> > I think so. Some of the words would b
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
> > undetected). Wouldn't it be better to inject the detected
> > text back to SA? There should be enough variants of spam
> > worlds to let SA fuzzily catch the ones from images.
>
> I think so. Some of the words would be perfectly
Giampaolo Tomassoni wrote:
> And, by the way, it seems to work!
>
> Actually, the only limit I see is the own-made FuzzyOcr.words
> (and, maybe, the fact that script text may probably get
> undetected). Wouldn't it be better to inject the detected
> text back to SA? There should be enough vari
AIL PROTECTED]
> Sent: 02 October 2006 14:38
> To: users@spamassassin.apache.org
> Subject: Stock spam in images
>
> I'm a newbie to the list and have been scanning recent posts to see if
> what I'm about to ask about has been covered but I haven't
> seen anythi
>
> ...omissis...
>
> How about the FuzzyOCR plugin? That has been discussed quite a bit
> here recently.
>
> http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
>
> --
> Bowie
And, by the way, it seems to work!
Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the
fa
-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Monday, October 02, 2006 9:46 AM
To: users@spamassassin.apache.org
Subject: RE: Stock spam in images
Dylan Bouterse wrote:
> I'm a newbie to the list and have been scanning recent posts to see if
> what I
> I'm a newbie to the list and have been scanning recent posts to see if
> what I'm about to ask about has been covered but I haven't seen anything
> yet.
>
> Lately I have been getting more and more of the stock alert spam but now
> all the good info is in an image and typically following the ima
Dylan Bouterse wrote:
> I'm a newbie to the list and have been scanning recent posts to see if
> what I'm about to ask about has been covered but I haven't seen
> anything yet.
>
> Lately I have been getting more and more of the stock alert spam but
> now all the good info is in an image and typic
15:38
À : users@spamassassin.apache.org
Objet : Stock spam in images
I'm a newbie to the list and have been scanning recent posts to see if what I'm
about to ask about has been covered but I haven't seen anything yet.
Lately I have been getting more and more of the stock alert spam but now all
th
I'm a newbie to the list and have been scanning recent posts to see if
what I'm about to ask about has been covered but I haven't seen anything
yet.
Lately I have been getting more and more of the stock alert spam but now
all the good info is in an image and typically following the image is
random
OCR feature already in 2005.
Unfortunately SPAVI is rather unknown since it is an online program and I
can not publish it on all those free software pages.
http://www.spavi.de SPAVI - the online spam and virus killer
--
View this message in context:
http://www.nabble.com/Image-only-stock-spam--
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Saturday, August 26, 2006 9:51 PM
Subject: Re: Pse help stock spam
From: "John Fleming" <[EMAIL PROTECTED]>
My server is getting more and more "stock spam" with an image and a
From: "John Fleming" <[EMAIL PROTECTED]>
My server is getting more and more "stock spam" with an image and a few
paragraphs of bayes-obfuscating text. I've been chasing them by either
learning them or increasing the score of SARE or other rules that hit.
Toda
My server is getting more and more "stock spam" with an image and a few
paragraphs of bayes-obfuscating text. I've been chasing them by either
learning them or increasing the score of SARE or other rules that hit.
Today I got several that didn't hit anything useful and were
For what it's worth, I'm bouncing messages that contain mime gif and jpg
files if no reverse DNS is set. It's getting rid of some of it.
Loren Wilton wrote:
>>No, I was thinking of multipart/alternative where one of the
>>alternative streams is nothing but images. That doesn't strike me as
>>legitimate. Can anyone think of a scenario where images *are* a
>>legitimate alternative representation of text?
>>
>>
>
>Doesn't really h
> No, I was thinking of multipart/alternative where one of the
> alternative streams is nothing but images. That doesn't strike me as
> legitimate. Can anyone think of a scenario where images *are* a
> legitimate alternative representation of text?
Doesn't really help. The actual mails have a tin
On Sun, Jun 25, 2006 at 12:49:17PM -0600, Philip Prindeville wrote:
> >No, I was thinking of multipart/alternative where one of the
> >alternative streams is nothing but images. That doesn't strike me as
> >legitimate. Can anyone think of a scenario where images *are* a
> >legitimate alternative re
On Sun, 25 Jun 2006, David B Funk wrote:
> On Sun, 25 Jun 2006, John D. Hardin wrote:
> >
> > No, I was thinking of multipart/alternative where one of the
> > alternative streams is nothing but images. That doesn't strike me as
> > legitimate. Can anyone think of a scenario where images *are* a
>
On Sun, 25 Jun 2006, John D. Hardin wrote:
> On Sun, 25 Jun 2006, Philip Prindeville wrote:
>
> > John D. Hardin wrote:
> >
> > >On Sat, 24 Jun 2006, Philip Prindeville wrote:
> > >
> > >>The spammers send multipart/alternative
> > >>because they want the text/plain section to confuse the Bayes
>
John D. Hardin wrote:
>On Sun, 25 Jun 2006, Philip Prindeville wrote:
>
>
>
>>John D. Hardin wrote:
>>
>>
>>
>>>On Sat, 24 Jun 2006, Philip Prindeville wrote:
>>>
>>>
>>>
The spammers send multipart/alternative
because they want the text/plain section to confuse the Bayes
f
On Sun, 25 Jun 2006, Philip Prindeville wrote:
> John D. Hardin wrote:
>
> >On Sat, 24 Jun 2006, Philip Prindeville wrote:
> >
> >>The spammers send multipart/alternative
> >>because they want the text/plain section to confuse the Bayes
> >>filters, since they know it won't be rendered...
> >
> >
John D. Hardin wrote:
>On Sat, 24 Jun 2006, Philip Prindeville wrote:
>
>
>
>>the text and the images. The spammers send multipart/alternative
>>because they want the text/plain section to confuse the Bayes
>>filters, since they know it won't be rendered...
>>
>>
>
>It seems to me that righ
On Sat, 24 Jun 2006, Philip Prindeville wrote:
> the text and the images. The spammers send multipart/alternative
> because they want the text/plain section to confuse the Bayes
> filters, since they know it won't be rendered...
It seems to me that right there is the spam sign you should be look
Loren Wilton wrote:
>>If, after excluding black, we find that 100% of the color map is that
>>nasty pastel pink or pastel lime green (etc) then it's a spam and we
>>toss it.
>>
>>Sound reasonable?
>>
>>
>
>I was thinking about this the other day. I think the concept is reasonable,
>but as sta
> If, after excluding black, we find that 100% of the color map is that
> nasty pastel pink or pastel lime green (etc) then it's a spam and we
> toss it.
>
> Sound reasonable?
I was thinking about this the other day. I think the concept is reasonable,
but as stated doesn't go far enough, and woul
Michael Scheidell wrote:
>>-Original Message-
>>From: Philip Prindeville [mailto:[EMAIL PROTECTED]
>>Sent: Saturday, June 24, 2006 2:10 PM
>>To: users@spamassassin.apache.org
>>Subject: On bichromatic GIF stock spam
>>
>>
>>I get a lot o
> -Original Message-
> From: Philip Prindeville [mailto:[EMAIL PROTECTED]
> Sent: Saturday, June 24, 2006 2:10 PM
> To: users@spamassassin.apache.org
> Subject: On bichromatic GIF stock spam
>
>
> I get a lot of spam that looks like:
>
> http://pasteb
1 - 100 of 152 matches
Mail list logo
