[sniffer]Ebay Phishing Emails getting through

2006-05-20 Thread Goran Jovanovic 
Hi,

I normally see maybe 6 to 10 phishing e-mails per day for the volume of
mail that I handle (~15,000 msg/day). Yesterday was an explosion in my
terms.

HTML.PHISHING.BANK.GEN088.SANESECURITY.0603080..52
HTML.PHISHING.BANK.GEN615.SANESECURITY.06051202.F6
HTML.PHISHING.BANK.GEN220.SANESECURITY.0603240...4
HTML.PHISHING.CARD.SANESECURITY.0602210..4
HTML.PHISHING.BANK.GEN015.SANESECURITY.0602180...1 
HTML.PHISHING.BANK.GEN055.SANESECURITY.0603050...1 

I catch these and treat them as a virus using CLAM AV and the SANE
Security database.

Goran Jovanovic
Omega Network Solutions
Tel: 416 322-0333

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Thursday, May 18, 2006 10:33 AM
To: Message Sniffer Community
Subject: [sniffer]Re[2]: [sniffer]Ebay Phishing Emails getting through

Hello Andrew,

Wednesday, May 17, 2006, 5:35:36 PM, you wrote:

 Certainly, submitting samples to spam@ (or preferably your 
 local spam submission point polled by our bots) will put 
 these messages in front of us if we have not already created 
 rules for them.

 I've just manually submitted the ~35 messages that my filters
triggered
 on for phishing that didn't trigger Message Sniffer today but ended up
 in my HOLD folder anyway due to their total spamminess.

 Most of them are against eBay and came from Germany.

If your overall false positive rate is low enough then it would be
great if you could automate that process to create a synthetic
spamtrap. Somehow, take the most spammy of the messages that get past
SNF and send them to a special account on your system from which our
robots could pull the messages Since we code rules 24x7x365 we
would be able to respond to these quickly and (from your perspective)
automatically.

_M


-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]

Re: [sniffer]possibly moving to new os

2006-05-20 Thread Pete McNeil 
Hello steve,

Saturday, May 20, 2006, 4:51:10 PM, you wrote:

   
  
 Hi,
  
  
  
 We are a current  Imail/sniffer/declude customer.  
  
  
  
 We are thinking of  moving away from our current Imail setup to one using 
 postfix. 
  
  
  
 I downloaded the 30  trial.  Is it possible to transfer our license
 to the new setup after we  finish testing?

Yes.

If you have a valid license and you move to a new platform you can
take that license with you. One license per MTA is all that we
require.

Thanks!

_M

-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]