Stock image spam blocking
Greg Borders
gborders at jlewiscooper.com
Thu Apr 27 14:04:15 IST 2006
John Rudd wrote:
>
> On Apr 25, 2006, at 11:35, Matt Kettler wrote:
>
>> Derek Chee wrote:
>>> Hi,
>>>
>>> We've been getting bombarded recently with a lot of the embedded GIF
>>> image OTCBB stock, pump and dump spam. The one with the random
>>> subject,
>>> from and sender lines.
>>>
>>> Has anybody had any luck creating SpamAssassin rules that would help
>>> boost the score? Or better yet a good RBL that blocks them? For RBLs,
>>> we only run the Spamhaus lists. Being a university, we can't run a
>>> very
>>> aggressive RBL list as it would cause too many complaints about
>>> blocking
>>> legitimate email.
>>>
>>
>> the SARE stock ruleset helps here. As do hash-based tests like Razor
>> and DCC.
>
> As has been pointed out, the hash based tests aren't going to catch
> all image spam, because the spammers are smart enough to make small
> changes to images that aren't caught by the human eye, but which do
> produce unique hash results (meaning that they aren't caught by hash
> based systems). As I mentioned last week, someone over on the
> mimedefang list is working on a OCR perl module for feeding those
> images to, so that you can get a bunch of text. The suggestion on the
> list is to then attach that text to the message, so that when you feed
> it to Spam Assassin, it gets picked up by bayes (both for training and
> scoring).
Here's a thought, how about using the identify command from the
ImageMagick package. (http://www.magickwand.org/) With the the -verbose
option, it gives back a lot of info on the image, including a
"signature" string that could be used to feed SA.
Here's a sample output of a random image I have handy:
[user at develop]# identify -verbose gb.jpg
Image: gb.jpg
Format: JPEG (Joint Photographic Experts Group JFIF format)
Geometry: 2550x4200
Class: DirectClass
Type: TrueColor
Endianess: Undefined
Colorspace: RGB
Channel depth:
Red: 8-bits
Green: 8-bits
Blue: 8-bits
Channel statistics:
Red:
Min: 92 (0.360784)
Max: 255 (1)
Mean: 241.566 (0.947317)
Standard deviation: 17.3827 (0.0681675)
Green:
Min: 84 (0.329412)
Max: 255 (1)
Mean: 239.353 (0.93864)
Standard deviation: 19.6521 (0.0770672)
Blue:
Min: 81 (0.317647)
Max: 255 (1)
Mean: 234.329 (0.918937)
Standard deviation: 20.5236 (0.0804845)
Colors: 13126
Rendering-intent: Undefined
Resolution: 300x300
Units: PixelsPerInch
Filesize: 436kb
Interlace: None
Background Color: white
Border Color: #DFDFDF
Matte Color: grey74
Dispose: Undefined
Iterations: 0
Compression: JPEG
Quality: 32
Orientation: Undefined
Comment: LEAD Technologies Inc. V1.01
JPEG-Colorspace: 2
JPEG-Sampling-factors: 1x1,1x1,1x1
Signature:
3fb7fe8ae960ad9879b90c25bc88da1f5c76e51937fc407437bc8549e37f605f
Tainted: False
User Time: 5.340u
Elapsed Time: 0:06
Pixels per second: 2.0mb
Version: ImageMagick 6.2.5 02/13/06 Q16
file:/usr/share/ImageMagick-6.2.5/doc/index.html
--
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060427/1872a80e/attachment.html
More information about the MailScanner
mailing list