New SPAM e-mails recently?

DAve dave.list at pixelhammer.com
Thu Nov 9 21:55:54 GMT 2006 

Steve Campbell wrote:
> OK, I searched for  SARE_MLB_Stock5 through Mailwatch, and none of the 
> 200k+ emails have been hit by this rule. That's really strange.
> 
> Do you want me to start a new thread or maybe someone has a clue as to 
> what's going on.
> 
> I have the 70_sare_stocks.cf in my /etc/mail/spamassassin directory. Is 
> this right? The rules are added when I update my Mailwatch SA rules, so 
> I think it's OK.
> 
> Sorry to hijack - sort of related.
> 
> Steve
> 
> 
> 
> ----- Original Message ----- From: "Steve Campbell" <campbell at cnpapers.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, November 09, 2006 4:00 PM
> Subject: Re: New SPAM e-mails recently?
> 
> 
>>
>> ----- Original Message ----- From: "DAve" <dave.list at pixelhammer.com>
>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Sent: Thursday, November 09, 2006 3:43 PM
>> Subject: Re: New SPAM e-mails recently?
>>
>>
>>> Jason Williams wrote:
>>>> Anyone been getting some new SPAM recently, where it comes in with
>>>> subjects like:
>>>>
>>>> It's Lorenzo :)
>>>> It's Flavia :)
>>>>
>>>> Bunch of names in the subject line.
>>>>
>>>> In the body of the message, it is a wide range of things like to buy
>>>> viagra and cialis.
>>>> Or a couple today are for buying stock (buy this symbol) etc.
>>>>
>>>> Anyone been getting these? Im still getting my SA rules back in order.
>>>> Wasn't sure if any of these were sneaking through to anyone else.
>>>> For those that are blocking, what is catching it so I can quickly 
>>>> put it
>>>> in?
>>>
>>> We've been seeing them by the thousands here.
>>>
>>> Score    Matching Rule    Description
>>> 0.00    BAYES_50    Bayesian spam probability is 40 to 60%
>>> 1.66    SARE_CSBIG    Only Mexican food gives me an Explosive Gain.
>>> 1.66    SARE_MLB_Stock1
>>> 1.66    SARE_MLB_Stock5    Mentions stock symbol, tickers, or OTC.
>>>
>>> SARE stocks catches them right off.
>>
>> Not so here. I never see SARE stocks in any of them. It appears to be 
>> image based here, not sure though. Course, I load the SARE stocks 
>> manually and mine is from October 31.
>>
>> Steve

We have gotten 7200 in the last five days (those that made it past the 
MTA rules). I consistently hit on SARE stock rules, at least the dozen 
messages I checked. Here is what I am running,

bash-2.05b# head 70_sare_stocks.cf
# SARE Stocks Ruleset for SpamAssassin
# Version: 01.00.37
# Created: 2005-12-18
# Modified: 2006-10-18
# License: Artistic -  http://www.rulesemporium.com/license.txt
# Current Maintainer: Sare Ninja - maddoc at maddoc.net
# Current Home: http://www.rulesemporium.com/rules/70_sare_stocks.cf

This on all servers.

I also see a sprinkling of date in future, missing headers, garbage_this 
and garbage_that. SARE Stocks is consistently hitting every message.

DAve





-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.

More information about the MailScanner mailing list