Tiny image only spam [OT]
Randal, Phil
prandal at herefordshire.gov.uk
Mon May 11 10:00:28 IST 2009
These rules were posted to the spamassassin-users mailing list by John Hardin a few days ago
header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
meta MIME_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __ANY_IMAGE_ATTACH && !__ANY_TEXT_ATTACH)
score MIME_IMAGE_ONLY 2.00
describe MIME_IMAGE_ONLY Image body part but no text body parts
Cheers,
Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal at herefordshire.gov.uk
Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.
This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
________________________________
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 11 May 2009 07:55
To: MailScanner discussion
Subject: RE: Tiny image only spam [OT]
Fuzzy OCR does the job, but bear in mind there is a significant overhead with using it. We stopped using it as it was significantly increasing the load on our servers and other measures were working better.
Jason
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Gary Faith
Sent: 11 May 2009 04:21
To: mailscanner at lists.mailscanner.info
Subject: Re: Tiny image only spam [OT]
I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first:
http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html
But this is the one that I adapted from MaiaMailGuard to MailScanner.
http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf
Basically, I installed
-rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz
-rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz
-rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz
-rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz
-rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz
-rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz
and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules.
BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually.
I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam:
FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100
Gary Faith
>>> Alessandro Bianchi <alex at skynet-srl.com> 5/10/2009 12:37 PM >>>
In the last days I'm getting a lot of image only spam.
It contains no links and no text at all
The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar.
I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't).
Has anyone else seen something similar?
Any ideas about how to stop it?
Best regards and thanks
Alessandro Bianchi
--
SkyNet SRL
P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY
Tel. +39 0322 836487/834765 - Fax.+39 0322.836608
info at skynet-srl.com -www.skynet-srl.com <http://www.skynet-srl.com>
Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne é vietata la diffusione in qualunque forma.
Qualora Lei non fosse la persona a cui il presente messaggio é destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione.
Per qualsiasi informazione in merito si prega di contattare info at skynet-srl.com <mailto:info at skynet-srl.com> . ( Rif. D.L. 196/200 )
More information about the MailScanner
mailing list