You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Martin.Hepworth" <ma...@solidstatelogic.com> on 2007/08/08 17:49:32 UTC
lottery spam as .doc files
Heads up, the pdf stock spam has morphed to ms-word files for lottery winnings..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
Re: lottery spam as .doc files
Posted by Nigel Frankcom <ni...@blue-canoe.com>.
On Wed, 08 Aug 2007 17:59:41 +0100, "Martin.Hepworth"
<ma...@solidstatelogic.com> wrote:
>It's huge 660KB for the attachments...
>
>I'll dig out a place to drop it to..
I did wonder when the size trump card was gonna get played with SA. I
guess it's now. Here's hoping the folk at SANE can help - they've done
marvels with the pdf problems.
Nigel
RE: lottery spam as .doc files
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
It's huge 660KB for the attachments...
I'll dig out a place to drop it to..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Banyan He [mailto:banyan@rootong.com]
> Sent: 08 August 2007 17:12
> To: Martin.Hepworth
> Cc: spamassassin-users@apache.org
> Subject: Re: lottery spam as .doc files
>
> Hi Martin,
>
> For test, can you please send us the original message you got?
>
> Regards,
>
> Martin.Hepworth wrote:
> > Heads up, the pdf stock spam has morphed to ms-word files for lottery
> winnings..
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> >
> >
> >
> > **********************************************************************
> > Confidentiality : This e-mail and any attachments are intended for the
> > addressee only and may be confidential. If they come to you in error
> > you must take no action based on them, nor must you copy or show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales
> > (Company No:5362730)
> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> > United Kingdom
> > **********************************************************************
> >
> >
> >
> >
>
> --
> ---------------
> Banyan He
> Mail&Web Security
> Mobile: +86 13641777622
> MSN: banyan.he@hotmail.com
> Skype: banyan.he
> Email: banyan@rootong.com
> Website: http://www.rootong.com
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
Re: lottery spam as .doc files
Posted by Banyan He <ba...@rootong.com>.
Hi Martin,
For test, can you please send us the original message you got?
Regards,
Martin.Hepworth wrote:
> Heads up, the pdf stock spam has morphed to ms-word files for lottery winnings..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
>
>
>
--
---------------
Banyan He
Mail&Web Security
Mobile: +86 13641777622
MSN: banyan.he@hotmail.com
Skype: banyan.he
Email: banyan@rootong.com
Website: http://www.rootong.com
Re: lottery spam as .doc files
Posted by Jeff Shepherd <je...@tolisgroup.com>.
Wait! You mean those are spam!? :)
Haven't seen those yet, thanks for the heads up. I'll keep my eye out
for those.
-Jeff
Martin.Hepworth wrote:
> Heads up, the pdf stock spam has morphed to ms-word files for lottery winnings..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
>
Re: lottery spam as .doc files
Posted by Kai Schaetzl <ma...@conactive.com>.
Looks like most of the pdf/xls/doc spam gets rejected at MTA level if you
use greylisting and dynamic IP rbls. So far I haven't seen any on my
private server that didn't make it thru to SA unless it got forwarded.
And I have seen only a few on the little less protected servers.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: lottery spam as .doc files
Posted by UxBoD <ux...@splatnix.net>.
Hmmm, interesting one. I would have only just blocked that one :-
Content analysis details: (8.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 SARE_FREE_WEBM_COMWALL Maybe spammer with free email
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
[88.15.90.125 listed in dnsbl.sorbs.net]
2.1 SUBJ_ALL_CAPS Subject is all capitals
1.3 MISSING_HEADERS Missing To: header
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.3146]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 WHOIS_NETSOLPR URL registered as a NetSol Private Registration
[URIs: walla.com]
0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam
0.5 CRM114_CHECK CRM114: message is UNSURE with crm114-score -2.3600
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
----- Original Message -----
From: "Martin.Hepworth" <ma...@solidstatelogic.com>
To: users@spamassassin.apache.org
Sent: Thursday, August 9, 2007 8:33:15 AM (GMT) Europe/London
Subject: RE: lottery spam as .doc files
OK
Here's the URL for the actual message I got...(before being SA-ed or anything..
http://www.solidstatelogic.com/1IInjp-000ENd-51.txt
I'll leave this up for a couple of days and take it down after the weekend.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Martin.Hepworth [mailto:martinh@solidstatelogic.com]
> Sent: 08 August 2007 16:50
> To: spamassassin-users@apache.org
> Subject: lottery spam as .doc files
>
>
>
> Heads up, the pdf stock spam has morphed to ms-word files for lottery
> winnings..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
RE: lottery spam as .doc files
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
OK
Here's the URL for the actual message I got...(before being SA-ed or anything..
http://www.solidstatelogic.com/1IInjp-000ENd-51.txt
I'll leave this up for a couple of days and take it down after the weekend.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Martin.Hepworth [mailto:martinh@solidstatelogic.com]
> Sent: 08 August 2007 16:50
> To: spamassassin-users@apache.org
> Subject: lottery spam as .doc files
>
>
>
> Heads up, the pdf stock spam has morphed to ms-word files for lottery
> winnings..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************