image spam again :)
Martin Hepworth
maxsec at gmail.com
Thu Aug 27 09:20:21 IST 2009
Richard
from changelog in latest beta.
3 Swapped over virus-scanning and spam-scanning code completely, so all
virus-scanning code is done before spam-scanning code. It won't virus-
scan "Silent Viruses" which is pretty much all of them now, so it should
work okay. This allows me to introduce...
3 New feature to allow detection of "spam-viruses" which are items of spam
that are reported by your virus scanner. You can set 2 new configuration
options:
Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
The names of the "spam-viruses" found are those viruses reported by your
virus scanners which match any of the strings given in "Virus Names Which
Are Spam". These "spam-virus" names are added to the header set by
"Spam-Virus Header". You can then write a SpamAssassin rule in
spam.assassin.prefs.conf which gives a score for the presence or contents
of this header. I supply an example rule which adds a score of 3 if the
header exists. Feel free to re-write and extend that rule! It will not work
unless you customise it. You could even write a "SpamAssassin Rule Action"
to handle this rule specially!
I think does want you want.
--
Martin Hepworth
Oxford, UK
2009/8/27 Richard Mealing <richard at fastnet.co.uk>
> Hi Michael,
>
> I am using that sanesecurity and it's great (thanks for the heads up),
> however I was wondering if there is a way to forward on the spam mail to the
> recipient, like spamassassins mail it goes off as per the ruleset, but
> because this is clamav catching the spam it gets quarantined.
>
> Any thoughts?
>
> Many thanks,
> Rich
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Mansour
> Sent: 25 August 2009 09:04
> To: MailScanner discussion
> Subject: RE: image spam again :)
>
> Hi Jonas,
>
> > From: Jonas A. Larsen <jonas at vrt.dk>
> > Subject: RE: image spam again :)
> > To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
> > Received: Tuesday, 25 August, 2009, 4:18 PM
> > > > we are seeing a lot of
> > image spam again. we are running sa update and
> > > > the image tings they publish / imageinfo.cf and
> > others. But lately a lot
> > > > is getting through.
> > > >
> > >
> > > I hadn't noticed... use zen.spamhaus.org and
> > bl.spamcop.net at SMTP time
> > > along with 15 mins of greylisting for unknown
> > hosts. Problem solved.
> > >
> > > Regards,
> > > Steve.
> >
> > Mmmm well let's be frank Steve, that’s just simply
> > entirely untrue :)
> >
> > The past weeks have seen a rise in image based spam, where
> > many of them (the
> > ones that doesn’t hit obvious rbl's etc) slip by even ocr
> > plugins etc.
> >
> > If you take a look at the SA list you can see lots of
> > people are seeing this
> > new bunch of image spams and pretty penetrating.
> >
> > So far there's no sure fire way of stopping it if you are
> > to judge by the sa
> > users responses.
> >
> > I use spamhaus and spamcop in mta and greylist, and I've
> > gotten a few of
> > them myself.
> >
> > Many of them use the so called "flag" method where the
> > image looks "wavy"
> > like a flag, which is probably whats disabling the ocr
> > techniques.
> >
> > If anybody got any advice I'd love to hear it.
>
> From my end, I haven't noticed any image spam getting through. But, I use
> SaneSecurity clam signatures which import the MSRBL image spam definitions,
> so maybe that is why?
>
> I don't have time to go through the virus infected emails, but I'd suggest
> if you don't use SaneSecurity signatures in ClamAV, you should.
>
> Regards,
>
> Michael.
>
>
>
>
> __________________________________________________________________________________
> Find local businesses and services in your area with Yahoo!7 Local.
> Get started: http://local.yahoo.com.au
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090827/c09de03b/attachment.html
More information about the MailScanner
mailing list