[sniffer] Surprising missed spam
Title: Surprising missed spam Hello, I was surprised recently by some spam that got through without getting caught by the sniffer. We've been getting some plain text messages that have obvious spam words in the subject line. For example, a plain text message with horny teenagers came through. The content was also very spammy, but all plain text. I tried sending myself a few messages with standard spam phrases and none of them tripped any sniffer rules. Am I missing something? Corby
Re: [sniffer] Surprising missed spam
On Monday, September 13, 2004, 7:22:03 PM, Corby wrote: AC Hello, AC I was surprised recently by some spam that got through AC without getting caught by the sniffer. We've been getting some AC plain text messages that have obvious spam words in the subject AC line. For example, a plain text message with horny teenagers AC came through. The content was also very spammy, but all plain AC text. I tried sending myself a few messages with standard spam AC phrases and none of them tripped any sniffer rules. AC Am I missing something? Can you zip up some examples and send them to me? I'm researching this issue right now and I need more data. Thanks, _M PS: A number of word / phrase based rules have been dropped from the core rule base due to false positives - not many, but this might explain some of what you're seeing - I will know more when I have some examples. If that's the case I can always put the rules back in for your local rule base. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Surprising missed spam
Corby, Personally, I'm a fan of leaving the generic stuff out due to the potential of false positives. Those of us that are using Sniffer in addition to other spam blocking mechanisms can afford to lose some Sniffer hits on such phrases because they will be picked up by other means almost all of the time. Including such phrases however would increase our false positive rate without a measurable benefit in spam capture rates. I have even asked Pete to remove some phrase hits from my own rulebase for exactly this reason. Matt Agid, Corby wrote: Surprising missed spam Hello, I was surprised recently by some spam that got through without getting caught by the sniffer. We've been getting some plain text messages that have obvious spam words in the subject line. For example, a plain text message with "horny teenagers" came through. The content was also very spammy, but all plain text. I tried sending myself a few messages with standard spam phrases and none of them tripped any sniffer rules. Am I missing something? Corby -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[sniffer] Version 2-3.0i2 release.
Hello Sniffer Folks, Please find interim update 2 at the following link: http://www.sortmonster.com/MessageSniffer/Betas/MessageSniffer2-3.0i2-Distribution.zip This distribution patches a hole in the FilterChain module of the scanner. In prior versions it was possible for the unexpected presence of a 'null' character to prevent the remainder of a message from being scanned. In theory (not yet proven) this could cause some rules not to fire on a message even though the rules would be present in the rule base. This is a minor adjustment which has tested well on our servers. We will be making this the official distribution after a little more testing. No problems have been observed or reported so far. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Version 2-3.0i2 release.
Pete, I take it this can be run without the persistent mode? Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Pete McNeil Sent: Mon 9/13/2004 9:15 PM To: [EMAIL PROTECTED] Cc: Subject: [sniffer] Version 2-3.0i2 release. Hello Sniffer Folks, Please find interim update 2 at the following link: http://www.sortmonster.com/MessageSniffer/Betas/MessageSniffer2-3.0i2-Distribution.zip This distribution patches a hole in the FilterChain module of the scanner. In prior versions it was possible for the unexpected presence of a 'null' character to prevent the remainder of a message from being scanned. In theory (not yet proven) this could cause some rules not to fire on a message even though the rules would be present in the rule base. This is a minor adjustment which has tested well on our servers. We will be making this the official distribution after a little more testing. No problems have been observed or reported so far. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html winmail.dat
Re[2]: [sniffer] Version 2-3.0i2 release.
On Monday, September 13, 2004, 10:20:06 PM, Keith wrote: KJ Pete, KJ I take it this can be run without the persistent mode? Thanks for the aid. Yes. It is no different than the current version except for the patch. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
