Graphic Based Spams
Michael Baird
mike at TC3NET.COM
Thu Mar 10 14:34:32 GMT 2005
Ok, great, sounds like upgrading to the latest spamassassin is going to
help.
Regards
Michael Baird
> Michael
>
> ok here's what I got..
>
> tests=FR_HEAD_EMPTY,HTML_20_30,
> HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_24,HTML_MESSAGE,
> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SARE_HTML_HEAD_EMPTY
>
> score of 8.6, which in my case would tag the subject the deliver (scores
> over 10 don't get delivered).
>
> AS I thought the URI-RBL's didn;t trigger as the email has all the
> images etc inline. BUT the XBL and spamcop RBL's did fire (the only two
> RBL's I use). Also the HTML rules fired some rules inbuilt into sa 3
> (HTML_*)and some from www.rulesemporium.com (SARE_* and FR_*).
>
> So it maybe worth you while upgrading to SA 3.02...as well as putting in
> Fred's rules and the SARE rules from www.rulesemporium.com/rules.htm
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Michael Baird wrote:
> > Thanks Martin, I've put an example up at
> > http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it
> > through SA 3.02
> >
> > Regards
> > Michael Baird
> >
> >
> >>Michael
> >>
> >>if you can drop the email somewhere I can pick it up (ftp or http site
> >>and save the email as a .txt with ALL the header info), I can run it on
> >>my 3.02 system which also has lots of the SARE and other rules as extras.
> >>
> >>If the html has the pictures embedded within the message (rather than a
> >>call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org
> >>URI-RBL's) won't help much.
> >>
> >>Anyway if you can let me have the mesg I can advise better,
> >>
> >>--
> >>Martin Hepworth
> >>Snr Systems Administrator
> >>Solid State Logic
> >>Tel: +44 (0)1865 842300
> >>
> >>
> >>Michael Baird wrote:
> >>
> >>>Heh guys, this may not be a problem directly related to MailScanner, but
> >>>I'm having issues with spams that are just graphics (Viagra Cheap), they
> >>>score very low and make it through. What is the best way to handle these
> >>>types of spam, tweak the spamassassin scores a bit? Update to the latest
> >>>spamassassin? Just looking for advice on the subject.
> >>>
> >>>Regards
> >>>Michael Baird
> >>>
> >>>------------------------ MailScanner list ------------------------
> >>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>'leave mailscanner' in the body of the email.
> >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>
> >>>Support MailScanner development - buy the book off the website!
> >>
> >>**********************************************************************
> >>
> >>This email and any files transmitted with it are confidential and
> >>intended solely for the use of the individual or entity to whom they
> >>are addressed. If you have received this email in error please notify
> >>the system manager.
> >>
> >>This footnote confirms that this email message has been swept
> >>for the presence of computer viruses and is believed to be clean.
> >>
> >>**********************************************************************
> >>
> >>------------------------ MailScanner list ------------------------
> >>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>'leave mailscanner' in the body of the email.
> >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >>Support MailScanner development - buy the book off the website!
> >
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list