Graphic Based Spams
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Thu Mar 10 14:29:12 GMT 2005
Michael
ok here's what I got..
tests=FR_HEAD_EMPTY,HTML_20_30,
HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_24,HTML_MESSAGE,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SARE_HTML_HEAD_EMPTY
score of 8.6, which in my case would tag the subject the deliver (scores
over 10 don't get delivered).
AS I thought the URI-RBL's didn;t trigger as the email has all the
images etc inline. BUT the XBL and spamcop RBL's did fire (the only two
RBL's I use). Also the HTML rules fired some rules inbuilt into sa 3
(HTML_*)and some from www.rulesemporium.com (SARE_* and FR_*).
So it maybe worth you while upgrading to SA 3.02...as well as putting in
Fred's rules and the SARE rules from www.rulesemporium.com/rules.htm
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Michael Baird wrote:
> Thanks Martin, I've put an example up at
> http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it
> through SA 3.02
>
> Regards
> Michael Baird
>
>
>>Michael
>>
>>if you can drop the email somewhere I can pick it up (ftp or http site
>>and save the email as a .txt with ALL the header info), I can run it on
>>my 3.02 system which also has lots of the SARE and other rules as extras.
>>
>>If the html has the pictures embedded within the message (rather than a
>>call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org
>>URI-RBL's) won't help much.
>>
>>Anyway if you can let me have the mesg I can advise better,
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Michael Baird wrote:
>>
>>>Heh guys, this may not be a problem directly related to MailScanner, but
>>>I'm having issues with spams that are just graphics (Viagra Cheap), they
>>>score very low and make it through. What is the best way to handle these
>>>types of spam, tweak the spamassassin scores a bit? Update to the latest
>>>spamassassin? Just looking for advice on the subject.
>>>
>>>Regards
>>>Michael Baird
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>
>>**********************************************************************
>>
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the system manager.
>>
>>This footnote confirms that this email message has been swept
>>for the presence of computer viruses and is believed to be clean.
>>
>>**********************************************************************
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list