image spam again :)

Richard Mealing richard at fastnet.co.uk
Thu Aug 27 10:12:18 IST 2009


>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Mansour
>Sent: 25 August 2009 09:04
>To: MailScanner discussion
>Subject: RE: image spam again :) 
>
>Hi Jonas,
>
>> From: Jonas A. Larsen <jonas at vrt.dk>
>> Subject: RE: image spam again :)
>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>> Received: Tuesday, 25 August, 2009, 4:18 PM
>> > > we are seeing a lot of
>> image spam again. we are running sa update and
>> > > the image tings they publish / imageinfo.cf and
>> others. But lately a lot
>> > > is getting through.
>> > >
>> > 
>> > I hadn't noticed... use zen.spamhaus.org and
>> bl.spamcop.net at SMTP time
>> > along with 15 mins of greylisting for unknown
>> hosts.  Problem solved.
>> > 
>> > Regards,
>> > Steve.
>> 
>> Mmmm well let's be frank Steve, that’s just simply
>> entirely untrue :)
>> 
>> The past weeks have seen a rise in image based spam, where
>> many of them (the
>> ones that doesn’t hit obvious rbl's etc) slip by even ocr
>> plugins etc.
>> 
>> If you take a look at the SA list you can see lots of
>> people are seeing this
>> new bunch of image spams and pretty penetrating.
>> 
>> So far there's no sure fire way of stopping it if you are
>> to judge by the sa
>> users responses.
>> 
>> I use spamhaus and spamcop in mta and greylist, and I've
>> gotten a few of
>> them myself.
>> 
>> Many of them use the so called "flag" method where the
>> image looks "wavy"
>> like a flag, which is probably whats disabling the ocr
>> techniques.
>> 
>> If anybody got any advice I'd love to hear it.
>
>From my end, I haven't noticed any image spam getting through. But, I use SaneSecurity clam signatures which import the MSRBL image spam definitions, so maybe that is why?
>
>I don't have time to go through the virus infected emails, but I'd suggest if you don't use SaneSecurity signatures in ClamAV, you should.
>
>Regards,
>
>Michael.


Hi Michael, (now posting properly at the bottom!! Sorry..)

I am using that sanesecurity and it's great (thanks for the heads up), however I was wondering if there is a way to forward on the spam mail to the recipient, like spamassassins mail it goes off as per the ruleset, but because this is clamav catching the spam it gets quarantined. 

Any thoughts?

After testing yesterday, I found where spamassassin caught some 8,500 emails, sanesecurity did nearly 5,300 in the same time. It would be awesome if I could use this but if the mail goes to quarantine then I can see we are going to have some issues with missing mail.

Many thanks,
Rich


      __________________________________________________________________________________
Find local businesses and services in your area with Yahoo!7 Local.
Get started: http://local.yahoo.com.au
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list