You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Johnson, S" <sj...@edina.k12.mn.us> on 2007/01/23 17:45:44 UTC
market buy with image
I've got a particular type of spam that is driving me nuts here. It's
the same type of message coming from many different servers (I'm not
sure how many yet, but the first 8 messages of this type I've looked at
are all different). Basically, each message has a random subject
followed by a small jumbled paragraph then there is an image with the
message "investor alert, stock symbol, etc..." (Are people really that
stupid to invest into something like this? =O) and finally another
jumbled paragraph.
When I looked up the IP addresses in the RBLs, they all are free and
clear. I was thinking about adding in a optical recognition but there's
"noise" in the image that may make it hard for the program to read.
I'm sure we're not the only ones receiving this type of spam... What are
people doing to stop it?
RE: Re[2]: market buy with image
Posted by R Lists06 <li...@abbacomm.net>.
>
> My rules are very aggressive, but they can and possibly will cause
> FP's!! As soon as 3.2 is released, those rules of mine that survive
> the rescoring and mass-check runs will be included in the stock rules!
>
> Frederic Tarasevicius
Good lookin' out Frederic
Will you please keep us posted as that happens so that those of us that are
old enough and have the "sometimers" disease will remember to deal with the
resultant issues?
Sometimes I remember, sometimes I dont
:-)
- rh
--
Robert - Abba Communications
Computer & Internet Services
(509) 624-7159 - www.abbacomm.net
Re[2]: market buy with image
Posted by Fred T <sp...@freddyt.com>.
Hello R,
Tuesday, January 23, 2007, 12:53:00 PM, you wrote:
> Thanks, if anyone out there running some or a lot of the FRED rules with a
> lot of success or should we only run certain ones in general
> Bottom line is, I don't know how aggressive or not the rulesets are etc
> Please advise and thanks!
My rules are very aggressive, but they can and possibly will cause
FP's!! As soon as 3.2 is released, those rules of mine that survive
the rescoring and mass-check runs will be included in the stock rules!
Frederic Tarasevicius
Re[2]: market buy with image
Posted by Fred T <sp...@freddyt.com>.
Hello Henrik,
Tuesday, January 23, 2007, 2:17:04 PM, you wrote:
> I tried File001 some time ago, and didn't need wait long for FPs. The scores
> are way too high (many are 10+? whats up with that?), and the rules are
> _very_ broad. For example, just mistype "remov" or "ssex" in your mail, and
> it goes into oblivion..
Those rules (without scores) have been submitted for inclusion in 3.2,
they'll be checked and given appropriate scores in the near future.
Yes I can agree the scores are high, but it doesn't take much work to
nullify those scores with your own, the best solution here is to use
svn 3.2 and sa-update to get those of my rules that are performing
good.
--
Best regards,
Fred mailto:spamassassin@freddyt.com
Re: market buy with image
Posted by Henrik Krohns <he...@stream.hege.li>.
On Tue, Jan 23, 2007 at 11:56:14AM -0600, Doc Schneider wrote:
> R Lists06 wrote:
> >>I'd use 00_FVGT_File001.cf which is a new file Fred. This combines a
> >>lot of his older 88_FVGT* cf files into one.
> >>
> >>
> >>--
> >>
> >> -Doc
> >>
> >
> >Thanks, if anyone out there running some or a lot of the FRED rules with a
> >lot of success or should we only run certain ones in general
> >
> >Bottom line is, I don't know how aggressive or not the rulesets are etc
> >
> >Please advise and thanks!
> >
>
> I personally run all Fred's rules and never have seen a FP. Of course as
> with anything YMMV.
No offence to Fred, but the rules are very work-in-progress. :)
I tried File001 some time ago, and didn't need wait long for FPs. The scores
are way too high (many are 10+? whats up with that?), and the rules are
_very_ broad. For example, just mistype "remov" or "ssex" in your mail, and
it goes into oblivion..
Cheers,
Henrik
Re: market buy with image
Posted by Doc Schneider <ma...@maddoc.net>.
R Lists06 wrote:
>> I'd use 00_FVGT_File001.cf which is a new file Fred. This combines a
>> lot of his older 88_FVGT* cf files into one.
>>
>>
>> --
>>
>> -Doc
>>
>
> Thanks, if anyone out there running some or a lot of the FRED rules with a
> lot of success or should we only run certain ones in general
>
> Bottom line is, I don't know how aggressive or not the rulesets are etc
>
> Please advise and thanks!
>
I personally run all Fred's rules and never have seen a FP. Of course as
with anything YMMV.
--
-Doc
SA/SARE -- Ninja
11:52am up 9 days, 20:50, 15 users, load average: 0.78, 0.89, 1.20
SARE HQ http://www.rulesemporium.com/
RE: market buy with image
Posted by R Lists06 <li...@abbacomm.net>.
>
> I'd use 00_FVGT_File001.cf which is a new file Fred. This combines a
> lot of his older 88_FVGT* cf files into one.
>
>
> --
>
> -Doc
>
Thanks, if anyone out there running some or a lot of the FRED rules with a
lot of success or should we only run certain ones in general
Bottom line is, I don't know how aggressive or not the rulesets are etc
Please advise and thanks!
- rh
--
Robert - Abba Communications
Computer & Internet Services
(509) 624-7159 - www.abbacomm.net
Re: market buy with image
Posted by Doc Schneider <ma...@maddoc.net>.
R Lists06 wrote:
> By fred rules, do you mean by Fred Tarasevicius
>
> Which specific fred rules are the best by experience?
>
> Thanks!
>
I'd use 00_FVGT_File001.cf which is a new file Fred. This combines a
lot of his older 88_FVGT* cf files into one.
--
-Doc
SA/SARE/URIBL/SURBL -- Ninja
11:08am up 9 days, 20:06, 15 users, load average: 0.37, 0.84, 0.79
SARE HQ http://www.rulesemporium.com/
RE: market buy with image
Posted by R Lists06 <li...@abbacomm.net>.
By fred rules, do you mean by Fred Tarasevicius
Which specific fred rules are the best by experience?
Thanks!
- rh
--
Robert - Abba Communications
Computer & Internet Services
(509) 624-7159 - www.abbacomm.net
RE: market buy with image
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
Hi
The sare and fred rules from www.rulesemporium.com are useful here.
Also DCC pyzor and razor2 can help.
Also make sure you've sa-updated the latest 3.1.7 core rules as these
have some tuning to help..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Johnson, S [mailto:sjohnson@edina.k12.mn.us]
> Sent: 23 January 2007 16:46
> To: users@spamassassin.apache.org
> Subject: market buy with image
>
> I've got a particular type of spam that is driving me nuts here. It's
the
> same type of message coming from many different servers (I'm not sure
how
> many yet, but the first 8 messages of this type I've looked at are all
> different). Basically, each message has a random subject followed by
a
> small jumbled paragraph then there is an image with the message
"investor
> alert, stock symbol, etc..." (Are people really that stupid to invest
into
> something like this? =O) and finally another jumbled paragraph.
>
>
>
> When I looked up the IP addresses in the RBLs, they all are free and
> clear. I was thinking about adding in a optical recognition but
there's
> "noise" in the image that may make it hard for the program to read.
>
>
>
> I'm sure we're not the only ones receiving this type of spam... What
are
> people doing to stop it?
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************