* Michael Scheidell :
> So it is an intel 32 bit thing or a perl 5.12?
I'm seeing it on intel 32 bit with perl 5.10.1
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 3
On 3/20/11 11:33 PM, Karsten Bräckelmann wrote:
[1] CPU version or rather stepping?
not in my instance.
freebsd jails are like ibm pseries 'lpars'. not exactly visualization,
but chrooted . super chrooted. chrooted users also, root uid is
chrooted as well.
32 systems, exactly the same
On 3/21/11 4:20 AM, Ralf Hildebrandt wrote:
* Michael Scheidell:
So it is an intel 32 bit thing or a perl 5.12?
I'm seeing it on intel 32 bit with perl 5.10.1
works for me on intel 32 and perl 5.10.1.
strange, very strange.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*
On 2011-03-20 at 23:21, guent...@rudersport.de wrote to users@spamassassin:
> On Sun, 2011-03-20 at 22:44 -0500, Dan Grossman wrote:
> > Hmm ... my problem is that I can't get the bug to go away. I've
> > commented out the offending lines in the ruleset download location, and
> > yet the pr
On 3/20/11 10:58 AM, "John Hardin" wrote:
> On Sun, 20 Mar 2011, Matt Elson wrote:
>
>>> fails for me, loops, freebsd 7.3, intel, perl 5.12.3, SA 3.3.1, re2c
>>> 001305
>>>
>>> what rule should we comment out until this is fixed?
>>
>> Commenting out the following fixed it for me, so shoul
On Mon, 21 Mar 2011, Daniel McDonald wrote:
On 3/20/11 10:58 AM, "John Hardin" wrote:
On Sun, 20 Mar 2011, Matt Elson wrote:
fails for me, loops, freebsd 7.3, intel, perl 5.12.3, SA 3.3.1, re2c
001305
I'll disable the whole set in my next commit until this is resolved.
I wonder if tha
On 3/21/11 8:28 AM, "John Hardin" wrote:
> On Mon, 21 Mar 2011, Daniel McDonald wrote:
>
>> On 3/20/11 10:58 AM, "John Hardin" wrote:
>>
>>> On Sun, 20 Mar 2011, Matt Elson wrote:
>>>
> fails for me, loops, freebsd 7.3, intel, perl 5.12.3, SA 3.3.1, re2c
> 001305
>>>
>>> I'll di
On Sat, 19 Mar 2011 05:42:22 +0400
Hamad Ali wrote:
> Can I assume that your solution that detected a portion of the spear
> phish is 100% SA? In case not fully SA, any hints on its mechanics?
It's not fully SA. We don't use the SA Bayes implementation; we have
our own that considers both indiv
On Mon, 21 Mar 2011, Daniel McDonald wrote:
On 3/21/11 8:28 AM, "John Hardin" wrote:
On Mon, 21 Mar 2011, Daniel McDonald wrote:
I wonder if that is why my mass-checks have been taking 16-20 hours each
day?
Can you isolate when that started happening?
Feb 28th ran in 31 minutes.
March
On 3/21/11 11:13 AM, John Hardin wrote:
Nope, that probably isn't the pill_price rules then. They were added
on feb 13 rev 1070308.
then they were updated? why didn't anyone have problems (100% cpu,
loops, swap filling up) till this weekend?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-9
On 2011/03/21 11:16 AM, Michael Scheidell wrote:
Nope, that probably isn't the pill_price rules then. They were added
on feb 13 rev 1070308.
then they were updated? why didn't anyone have problems (100% cpu,
loops, swap filling up) till this weekend?
Presumably due to lack of sufficient ham/sp
Hello,
I know that this discussion took many place here in the past, but our
company is a victim of many phishing attacks so I would like to use any
possible solution.
My idea is that, while there are many many companies sending liegitimate
mail with fake URLs, but those could be whitelisted in a
On 2011/03/21 12:18 PM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that catch fake URLs?
Fake URLs? Do you mean URL obfuscators/redirectors like bit . ly and
tiny url . com? If so, I've had considerable success with Steve
Freegard's DecodeShortURLs p
On 21.03.11 12:27, Jason Bertoch wrote:
> On 2011/03/21 12:18 PM, Matus UHLAR - fantomas wrote:
>> Does anyone successfully use plugin or at least rules that catch fake URLs?
>
> Fake URLs? Do you mean URL obfuscators/redirectors like bit . ly and
> tiny url . com?
Ah, no.
I mean URLs pointing
On 3/21/11 12:37 PM, Matus UHLAR - fantomas wrote:
On 21.03.11 12:27, Jason Bertoch wrote:
On 2011/03/21 12:18 PM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that catch fake URLs?
Fake URLs? Do you mean URL obfuscators/redirectors like bit . ly and
tin
On Mon, 21 Mar 2011, Michael Scheidell wrote:
On 3/21/11 11:13 AM, John Hardin wrote:
Nope, that probably isn't the pill_price rules then. They were added on
feb 13 rev 1070308.
then they were updated? why didn't anyone have problems (100% cpu, loops,
swap filling up) till this weekend?
>>> On 2011/03/21 12:18 PM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that catch fake
URLs?
> On 3/21/11 12:37 PM, Matus UHLAR - fantomas wrote:
>> I mean URLs pointing to different address than they appear, like:
>>
>> http://webmail.example.com
Does anyone successfully use plugin or at least rules that catch fake
URLs?
On 3/21/11 12:37 PM, Matus UHLAR - fantomas wrote:
I mean URLs pointing to different address than they appear, like:
http://webmail.example.com/
On 21.03.11 12:41, Michael Scheidell wrote:
CLAMAV.
I use clamav, i
On 3/21/11 12:57 PM, Matus UHLAR - fantomas wrote:
I use clamav, it somehow doesn't catch them all.
as I have already said, many banks send URL's that do not match, so this is
not possible to implement genreally (Yes, I know it sucks).
with clamav, you can set up a whitelist.
do a 'clamconf'
I'm trying to match any URL that points to a URL shortener.
They typically consist of http(s) followed by a domain name, a slash
and a small series of alphanumeric characters, *without a trailing "/"
or file extension*.
I seem to be having pretty good luck matching the URL, however I can't
Karsten Bräckelmann writes:
> On Sun, 2011-03-20 at 22:09 +0100, JKL wrote:
>> On 03/20/2011 10:04 PM, Karsten Bräckelmann wrote:
>
>> > This appears to be a bug with re2c (using sa-compile) and some
>> > combination of hardware architecture and/or OS. Bug 6558 [1].
>
>> > [1] https://issues.apac
On Mon, 2011-03-21 at 07:45 -0500, Dan Grossman wrote:
> > > Hmm ... my problem is that I can't get the bug to go away. I've
> > > commented out the offending lines in the ruleset download location, and
> > > yet the problem still happens.
> As far as I am aware, I do not use sa-compile. My /e
On 3/21/2011 1:07 PM, Terry Carmen wrote:
> I'm trying to match any URL that points to a URL shortener.
>
> They typically consist of http(s) followed by a domain name, a slash
> and a small series of alphanumeric characters, *without a trailing "/"
> or file extension*.
>
> I seem to be having pre
I've had the problem happen starting Sunday morning with an automatic sa-update.
(I have until Sunday had it automatically sa-compile and restart after an
update)
It affected various 64 bit machines; we only use 64 bit OSs on AMD64 quad and
hex core machines. I use the Suse factory provided desk
Here's an interesting graph of the affect it had on load:
http://mc4.midcoast.com/mrtg/load.html
Took a while for load to subside after fixing it due to the backlog of email
to process.
On Mon, Mar 21, 2011 at 04:12:45PM -0400, jp wrote:
> I've had the problem happen starting Sunday morning with
On Mon, 2011-03-21 at 13:07 -0400, Terry Carmen wrote:
> I'm trying to match any URL that points to a URL shortener.
>
> They typically consist of http(s) followed by a domain name, a slash
> and a small series of alphanumeric characters, *without a trailing "/"
> or file extension*.
>
> I se
On 03/21/2011 10:07 AM, Terry Carmen wrote:
> I'm trying to match any URL that points to a URL shortener.
>
> They typically consist of http(s) followed by a domain name,
> a slash and a small series of alphanumeric characters,
> *without a trailing "/" or file extension*.
>
> I seem to be having
RL, a rule already shipping with SA, does
this. Note that it FPs on a significant amount of marketing ham:
http://ruleqa.spamassassin.org/20110321-r1083702-n/__SPOOFED_URL/detail
MSECSSPAM% HAM% S/ORANK SCORE NAME
0 2.8104 5.9645 0.3200.44 (n/a) __SPOOFED_
On Mon, 21 Mar 2011, jp wrote:
I turned off the automatic updating, restored from a recent backup
/var/lib/spamassassin/, sa-compiled, and it's working great.
I'll wait for word that the stuff distributed via sa-update is fixed.
I'd suggest you disable the PILL_PRICE rules as outlined upthrea
On 2011-03-21 at 14:30, guent...@rudersport.de wrote to users@spamassassin:
> On Mon, 2011-03-21 at 07:45 -0500, Dan Grossman wrote:
> > > > Hmm ... my problem is that I can't get the bug to go away. I've
> > > > commented out the offending lines in the ruleset download location, and
> > >
On Mon, 2011-03-21 at 19:25 -0500, Dan Grossman wrote:
> On 2011-03-21 at 14:30, guent...@rudersport.de wrote to
> users@spamassassin:
> > Are you sure you are suffering from this issue, then?
>
> Pretty sure. It first appeared only after the latest rules update and
> definitely occurs on
31 matches
Mail list logo
