image spam again :)
Michael Mansour
micoots at yahoo.com
Tue Aug 25 09:03:57 IST 2009
Hi Jonas,
> From: Jonas A. Larsen <jonas at vrt.dk>
> Subject: RE: image spam again :)
> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
> Received: Tuesday, 25 August, 2009, 4:18 PM
> > > we are seeing a lot of
> image spam again. we are running sa update and
> > > the image tings they publish / imageinfo.cf and
> others. But lately a lot
> > > is getting through.
> > >
> >
> > I hadn't noticed... use zen.spamhaus.org and
> bl.spamcop.net at SMTP time
> > along with 15 mins of greylisting for unknown
> hosts. Problem solved.
> >
> > Regards,
> > Steve.
>
> Mmmm well let's be frank Steve, that’s just simply
> entirely untrue :)
>
> The past weeks have seen a rise in image based spam, where
> many of them (the
> ones that doesn’t hit obvious rbl's etc) slip by even ocr
> plugins etc.
>
> If you take a look at the SA list you can see lots of
> people are seeing this
> new bunch of image spams and pretty penetrating.
>
> So far there's no sure fire way of stopping it if you are
> to judge by the sa
> users responses.
>
> I use spamhaus and spamcop in mta and greylist, and I've
> gotten a few of
> them myself.
>
> Many of them use the so called "flag" method where the
> image looks "wavy"
> like a flag, which is probably whats disabling the ocr
> techniques.
>
> If anybody got any advice I'd love to hear it.
From my end, I haven't noticed any image spam getting through. But, I use SaneSecurity clam signatures which import the MSRBL image spam definitions, so maybe that is why?
I don't have time to go through the virus infected emails, but I'd suggest if you don't use SaneSecurity signatures in ClamAV, you should.
Regards,
Michael.
__________________________________________________________________________________
Find local businesses and services in your area with Yahoo!7 Local.
Get started: http://local.yahoo.com.au
More information about the MailScanner
mailing list