On Tue, 2 Jun 2009, Yet Another Ninja wrote:
On 6/2/2009 7:55 PM, John Hardin wrote:
Oh, sorry, I got that backwards checking for _not_ PHP... Never mind
those last rules.
The mailer is going to be easy to change (even randomly) in a spam tool.
I'd suggest that it's not valid to check tha
On 2-Jun-2009, at 07:10, Jean-Paul Natola wrote:
Is there a rule to catch these messages with no body and a 550
byte word
attachment?
I reject .doc attachments since they can carry macro virus payloads.
--
We will fight for Bovine Freedom and hold our large heads high
We will run free with
On Tue, 2 Jun 2009, John Hardin wrote:
Well, any tool that's composing MIME messages can choose to omit a text
body part if no text is available... (snip)
In practice, we're only seeing it in spams. There may be false positives in
some unusual situations, but it's not likely with legitimate huma
On Tue, 2 Jun 2009, Charles Gregory wrote:
Just to be sure that I'm thinking the right way about the 'no text body
part' rule: If someone sends a 'normal' message, but elects to not type
any text into the body, there *will* still be a mime 'text' section, and
it will just be empty, right?
I
Just to be sure that I'm thinking the right way about the 'no text body
part' rule: If someone sends a 'normal' message, but elects to not type
any text into the body, there *will* still be a mime 'text' section, and
it will just be empty, right? So the 'no text body' would mean that the
mess
: word doc spam
On Tue, 2 Jun 2009, Dave Walker wrote:
John Hardin wrote:
On Tue, 2 Jun 2009, Jean-Paul Natola wrote:
Is there a rule to catch these messages with no body and a 550 byte
word attachment?
Can you post a sample somewhere for us?
Hi,
I assume he means the recent surge in "
ftp://ftp.fcimail.org/IT/SA_Sample/message.txt
-Original Message-
From: John Hardin [mailto:jhar...@impsec.org]
Sent: Tuesday, June 02, 2009 11:18 AM
To: SpamAssassin Users List
Subject: Re: word doc spam
On Tue, 2 Jun 2009, Dave Walker wrote:
> John Hardin wrote:
>> On T
On Tue, 2 Jun 2009, Dave Walker wrote:
John Hardin wrote:
On Tue, 2 Jun 2009, Jean-Paul Natola wrote:
Is there a rule to catch these messages with no body and a 550 byte
word attachment?
Can you post a sample somewhere for us?
Hi,
I assume he means the recent surge in "rtf" attachment sp
On 02.06.09 09:10, Jean-Paul Natola wrote:
> Is there a rule to catch these messages with no body and a 550 byte word
> attachment?
> The only rule it's triggering is the
> RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
I reject these at SMTP level...
--
Matus UHLAR -
]
Sent: Tuesday, June 02, 2009 9:47 AM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: word doc spam
On Tue, 2 Jun 2009, Jean-Paul Natola wrote:
Is there a rule to catch these messages with no body and a 550 byte word
attachment?
Can you post a sample somewhere for us
If you look back a whopping 2 days in the list archive,
there are some rules that are very good at catching this
.rtf spam.
John Hardin wrote:
> On Tue, 2 Jun 2009, Jean-Paul Natola wrote:
>
>> Is there a rule to catch these messages with no body and a 550 byte
>> word attachment?
>
> Can you post a sample somewhere for us?
>
Hi,
I assume he means the recent surge in "rtf" attachment spam. I've posted
two examples:
htt
Correction they are rtf not doc
ftp://ftp.fcimail.org/IT/SA_Sample/shambling.rtf
-Original Message-
From: John Hardin [mailto:jhar...@impsec.org]
Sent: Tuesday, June 02, 2009 9:47 AM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: word doc spam
On Tue, 2 Jun
On Tue, 2009-06-02 at 09:10 -0400, Jean-Paul Natola wrote:
> Hi all,
>
> Is there a rule to catch these messages with no body and a 550 byte word
> attachment?
Yes, add the SaneSecurity clamav signatures.
codling.rtf: Sanesecurity.Spam.10307.UNOFFICIAL FOUND
Integration with spamassassin left
On Tue, 2 Jun 2009, Jean-Paul Natola wrote:
Is there a rule to catch these messages with no body and a 550 byte word
attachment?
Can you post a sample somewhere for us?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -
Hi all,
Is there a rule to catch these messages with no body and a 550 byte word
attachment?
thx
The only rule it's triggering is the
RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
Title: RE: Word Doc spam
>
> Are there other subjects, or just these two:
> Bill Summary - Invoice #.
> August Payment Summary, Invoice #.
I'm only seeing those 2. But you can't really write a rule for just that without major FPs. Going to have to meta with another sign.
--Chris
Words by Chris Santerre [Fri, Aug 11, 2006 at 12:12:41PM -0400]:
>
>
...
> >
> > I'd always thought that it would be nice for the Open Office
> > people to
> > create a simple command-line utility to convert Word files to
> > plain text
> > for spam checking. Or it could strip any macros for
Chris Santerre wrote:
-Original Message-
From: Rob Poe [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 5:40 PM
To: Kenneth Porter; users@spamassassin.apache.org
Subject: Re: Word Doc spam
I got one of these too...
Kenneth Porter <[EMAIL PROTECTED]> 8/8/2006 8
Title: RE: Word Doc spam
> -Original Message-
> From: Rob Poe [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 10, 2006 5:40 PM
> To: Kenneth Porter; users@spamassassin.apache.org
> Subject: Re: Word Doc spam
>
>
> I got one of these too...
>
I got one of these too...
>>> Kenneth Porter <[EMAIL PROTECTED]> 8/8/2006 8:07 AM >>>
--On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers
<[EMAIL PROTECTED]> wrote:
> Received in my .mac (basically a spam bin) account.
> http://www.triksys.be/docspam.jpg = screenshot of word doc attache
--On Wednesday, August 09, 2006 1:01 AM +0200 Mark Martinec
<[EMAIL PROTECTED]> wrote:
In the FreeBSD ports collection it comes under: textproc/antiword
or fetch it from its home site: http://www.winfield.demon.nl/
Cool. What's involved in integrating this into SA? Can the image plugin
machi
> From: "Ralf Hildebrandt" <[EMAIL PROTECTED]>
> > man antiword
>
> No manual entry for antiword
Looks really useful and straightforward, thanks Ralf!
In the FreeBSD ports collection it comes under: textproc/antiword
or fetch it from its home site: http://www.winfield.demon.nl/
Mark
> From: "Ralf Hildebrandt" <[EMAIL PROTECTED]>
>
> >* Kenneth Porter <[EMAIL PROTECTED]>:
> >
> >> I was surprised to see one of these as well.
> >>
> >> I'd always thought that it would be nice for the Open
> Office people to
> >> create a simple command-line utility to convert Word files
> to pla
From: "Ralf Hildebrandt" <[EMAIL PROTECTED]>
* Kenneth Porter <[EMAIL PROTECTED]>:
I was surprised to see one of these as well.
I'd always thought that it would be nice for the Open Office people to
create a simple command-line utility to convert Word files to plain text
for spam checking.
* Kenneth Porter <[EMAIL PROTECTED]>:
> I was surprised to see one of these as well.
>
> I'd always thought that it would be nice for the Open Office people to
> create a simple command-line utility to convert Word files to plain text
> for spam checking.
man antiword
--
Ralf Hildebrandt (i.
--On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers
<[EMAIL PROTECTED]> wrote:
Received in my .mac (basically a spam bin) account.
http://www.triksys.be/docspam.jpg = screenshot of word doc attached.
Never seen this before
Is this new, or old news?
211.16.219.135 is in all kinds of
Received in my .mac (basically a spam bin) account.
http://www.triksys.be/docspam.jpg = screenshot of word doc attached.
Never seen this before
Is this new, or old news?
211.16.219.135 is in all kinds of blacklists though.
Patrick Sneyers
Belgium
From: Robert Nicholson <[EMAIL PROTECTED]>
Date: 8 august