Greeting card scams

UxBoD uxbod at splatnix.net
Fri Jul 27 17:54:19 IST 2007


Snap. Unless Glenn buys them all ;)

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "Glenn Steen" <glenn.steen at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: 27 July 2007 16:11:28 o'clock (GMT) Europe/London
Subject: Re: Greeting card scams

On 27/07/07, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
>
>
> Glenn Steen wrote:
> > On 27/07/07, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> >
> >> Richard Frovarp wrote:
> >>
> >>> Matt Kettler wrote:
> >>>
> >>>> Glenn Steen wrote:
> >>>>
> >>>>
> >>>>> On 27/07/07, Matt Kettler <mkettler at evi-inc.com> wrote:
> >>>>>
> >>>>>
> >>>>>> Rick Cooper wrote:
> >>>>>>
> >>>>>> Given that running clamscan on the email file outside of MailScanner
> >>>>>> detects it as a virus, I've already conclusively proven clamav has the
> >>>>>> signature and it works properly.
> >>>>>>
> >>>>>> One observation, though, the specific test messages I used detected as
> >>>>>> 1221 not 1222, but they're all related.
> >>>>>>
> >>>>>> ecardspam1.eml: Email.Phishing.RB-1221 FOUND
> >>>>>> ecardspam2.eml: Email.Phishing.RB-1221 FOUND
> >>>>>> ecardspam3.eml: Email.Phishing.RB-1221 FOUND
> >>>>>>
> >>>>>> However, if you insist:
> >>>>>> # sigtool --list-sigs|grep Email.Phishing.RB-1222
> >>>>>> Email.Phishing.RB-1222
> >>>>>>
> >>>>>> Yes, it's there. Yes, clamscan can use it, and clamscan properly
> >>>>>> detects the messages as viruses when executed manually. No, clamav via
> >>>>>> MailScanner cannot detect it.
> >>>>>>
> >>>>> Could this perhaps have anything to do with how clam gets fed the
> >>>>> message in MailScanner....? If I'm not completely senile (always a
> >>>>> possibility:-), MS doesn't feed it the complete message, hence some
> >>>>> newstyle sigs will never (be able to) trigger.
> >>>>>
> >>>>>
> >>>> That goes back to my original statement that I felt that the
> >>>> difference had to do with the fact that my MailScanner isn't up-to-date.
> >>>>
> >>>> I'm quite convinced that this is a MailScanner interfacing issue, as
> >>>> it is quite clear clamav is working properly outside MS.
> >>>>
> >>>> (Note: Personally I don't have a problem with this "issue", I was
> >>>> merely joining in and commenting on it hoping my observations could
> >>>> help others who do have problems with it.)
> >>>>
> >>> I don't have that one tripping either. I figure it is due to the fact
> >>> that I stop a lot at the MTA and delete high scoring spam so they
> >>> never even reach clam.
> >>>
> >> I have now written support for passing entire messages to the ClamAV
> >> scanners. There is a new setting called "Reliably Detect Spam With
> >> ClamAV" which is "no" by default as it has a speed impact. It has no
> >> effect when the ClamAV scanners are not being used.
> >>
> >> I'll release a new beta shortly.
> >>
> >> Jules
> >>
> > You know what Jules... You're an absolute wonder!:)
> > Was that a book you had on your list, or is it gone already?
> >
> The book is still there...
>
I'll see what I can do about that ... later tonight...

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
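
The hypothesis raised in the thread above (a signature that hits on the whole .eml file can miss when the scanner only sees unpacked pieces of the message), as an added example that is not part of the original thread and is not MailScanner or ClamAV code. The message is constructed, `TOY_SIG` is a toy regular expression standing in for a whole-message signature (not the real Email.Phishing.RB-1221 definition), and `unpack_parts` is a simplified assumption about how a gateway might split a message before scanning.

```python
import re
from email import message_from_bytes

# Constructed sample message (not a real capture); 192.0.2.10 is a
# documentation-range address.
RAW = (
    b"From: greetings@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: You've received a greeting card from a friend\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"To view your card, click the link below:\r\n"
    b"http://192.0.2.10/?card=abc123\r\n"
)

# Toy whole-message signature: needs the Subject header AND a raw-IP link
# in the body, so it can only match when both are in the scanned data.
TOY_SIG = re.compile(
    rb"Subject: [^\r\n]*greeting card.*?http://\d{1,3}(?:\.\d{1,3}){3}/",
    re.S | re.I,
)


def scan(blob: bytes) -> bool:
    """Return True if the toy signature matches this blob."""
    return TOY_SIG.search(blob) is not None


def unpack_parts(raw: bytes) -> list[bytes]:
    """Assumed gateway behaviour: decoded body parts only, headers dropped."""
    msg = message_from_bytes(raw)
    return [p.get_payload(decode=True) for p in msg.walk() if not p.is_multipart()]


def scan_whole(raw: bytes) -> bool:
    """Scan the complete message, as clamscan does on an .eml file."""
    return scan(raw)


def scan_unpacked(raw: bytes) -> bool:
    """Scan each unpacked part on its own, never the full message."""
    return any(scan(part) for part in unpack_parts(raw))


if __name__ == "__main__":
    print("whole message :", scan_whole(RAW))
    print("unpacked parts:", scan_unpacked(RAW))
```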


