Custom URI phishing rule

2008-12-23 Thread Ned Slider
Hi List, I've noticed a lot of phishing spam tries to obfuscate the URI with the following form: http://www.mybank.com.phish.cn and I've been thinking about trying to write a generic rule to detect this approach. I haven't had much success yet for dot com's, but UK domains seem pretty

Re: Preconfigured Spamassassin image/setup ?

2008-12-23 Thread Michael Scheidell
You looking for something commercial? If you are running vmware you could look at the VIR version of our product. http://www.secnap.com/products/spammertrap/ There is a virtual version of the 150 user and 500 user product available. There might be some free vmware builds elsewhere, you could

Re: sa-update damages existing SA installation

2008-12-23 Thread Mike Bird
Karsten Bräckelmann-2 wrote: Daily is fine, cause it means a single DNS request only most of the time. Updates of the stock rules however usually are less frequent than once a week. DNS seems to have been reporting 709395 as current for about eight weeks now, and a lot of very obvious spam is

Blacklisting IPs from HTTP hacker?

2008-12-23 Thread Marc Perkel
Just a thought on blacklists. Has anyone tried mining the IP data from HTTP servers that use modsecurity? I'm wondering if the same computers that are spamming blogs are also spamming with email? Would this be a new way to catch spammers?

Re: Blacklisting IPs from HTTP hacker?

2008-12-23 Thread mouss
Marc Perkel wrote: Just a thought on blacklists. Has anyone tried mining the IP data from HTTP servers that use modsecurity? I'm wondering if the same computers that are spamming blogs are also spamming with email? Would this be a new way to catch spammers? I have checked many times to

Rules for porn spam from Yahoo/live.com etc

2008-12-23 Thread Christopher X. Candreva
I have one particular user being hammered by porn spam from freemail accounts, mostly Yahoo and live.com . These are getting by existing rules, including 70_sare_adult_cf . The messages typically have an on-topic, suggestive Subject: line. The body is a URL (google groups or other), and two

Re: Rules for porn spam from Yahoo/live.com etc

2008-12-23 Thread Michael Scheidell
I have one particular user being hammered by porn spam from freemail accounts, mostly Yahoo and live.com . These are getting by existing rules, including 70_sare_adult_cf . The messages typically have an on-topic, suggestive Subject: line. The body is a URL (google groups or other), and

Re: Rules for porn spam from Yahoo/live.com etc

2008-12-23 Thread Martin Gregorie
On Tue, 2008-12-23 at 15:42 -0500, Christopher X. Candreva wrote: I have one particular user being hammered by porn spam from freemail accounts, mostly Yahoo and live.com . These are getting by existing rules, including 70_sare_adult_cf . You may find this following approach. Its aim is to

Re: sa-update damages existing SA installation

2008-12-23 Thread Daryl C. W. O'Shea
On 22/12/2008 12:11 PM, Rosenbaum, Larry M. wrote: From: Daryl C. W. O'Shea [mailto:spamassas...@dostech.ca] Sent: Saturday, December 20, 2008 2:48 AM On 19/12/2008 5:40 AM, Marcin Krol wrote: Daryl C. W. O'Shea wrote: do it all at once. See my SARE sa-update page for details:

Re: sa-update damages existing SA installation

2008-12-23 Thread Daryl C. W. O'Shea
On 23/12/2008 11:18 AM, Mike Bird wrote: Karsten Bräckelmann-2 wrote: Daily is fine, cause it means a single DNS request only most of the time. Updates of the stock rules however usually are less frequent than once a week. DNS seems to have been reporting 709395 as current for about eight

Re: sa-update damages existing SA installation

2008-12-23 Thread Henrik K
On Tue, Dec 23, 2008 at 08:18:50AM -0800, Mike Bird wrote: Karsten Bräckelmann-2 wrote: Daily is fine, cause it means a single DNS request only most of the time. Updates of the stock rules however usually are less frequent than once a week. DNS seems to have been reporting 709395 as