>From time to time, Razor-check will report a hit for an apparently blank
message with an attachment. The offending ehash is for the apparently blank
part of the message. The MIME message contains two or more parts and the
HTML part contains only a few tags and no text. Razor-check calculates the
ehash for this part and compares it with the database. Often, it will match
reported spam because some reported spam is sent as an attachment to a
matching apparently blank message.
Here is my ehash list for apparently blank messages:
D97Kd_xW_1oOAN-3F7RJ1YFbxdgA
JudMQLN-L4uGbsGerXGnSrZf0Z8A
zdGTYRw61hrsYQoLvVL2vWL1u_EA
_SsH-KtgO9VSZa2dpZ4fHt9OeOcA
Hv5WLPo9LTz96VJOTNKYM3618zQA
GKXO6MQg0SCjpwnR6yP7PX_G--4A
Each ehash comes and goes in the database, depending upon the reported spam.
Jim
________________________________
From: Vipul Ved Prakash [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 02, 2007 06:00 PM
To: Jim Hermann - UUN Hostmaster; razor-users@lists.sourceforge.net
Subject: RE: [Razor-users] Razor-check not using sha1 value
inrazor-whitelist file
Hmm, looking through the code, it seems ehash whitelisting is not
supported. Frankly, this feature is not really popular and has not been
supported for a while. We are going to either remove it or bring it
up-to-date in the next release. In the meantime, could you send us
razor-check -H output for the mails you are trying to whitelist and we'll be
able to tell you what's going on and how to fix it.
cheers,
vipul
-----Original Message-----
From: Jim Hermann - UUN Hostmaster [mailto:[EMAIL PROTECTED]
Sent: Tue 1/2/2007 5:50 AM
To: Vipul Ved Prakash; razor-users@lists.sourceforge.net
Subject: RE: [Razor-users] Razor-check not using sha1 value
inrazor-whitelist file
What is the ehash?
The documentation indicates that I can add this line to the
whitelist:
sha1 _SsH-KtgO9VSZa2dpZ4fHt9OeOcA
Jim
________________________________
From: Vipul Ved Prakash [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 02, 2007 03:01 AM
To: Jim Hermann - UUN Hostmaster;
razor-users@lists.sourceforge.net
Subject: RE: [Razor-users] Razor-check not using sha1 value
inrazor-whitelist file
SHA1 sig is not used in the newer versions of Razor. Did
you try listing the ehash?
cheers,
vipul
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of
Jim Hermann - UUN Hostmaster
Sent: Mon 1/1/2007 9:14 AM
To: razor-users@lists.sourceforge.net
Subject: Re: [Razor-users] Razor-check not using sha1 value
inrazor-whitelist file
Still waiting to hear something about this problem.
Jim
> -----Original Message-----
> From: Jim Hermann - UUN Hostmaster
[mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 28, 2006 10:37 AM
> To: 'razor-users@lists.sourceforge.net'
> Subject: RE: Razor-check not using sha1 value in
razor-whitelist file
>
> What is the status of this Bug? I submitted it back in
July.
>
> Jim
>
> > -----Original Message-----
> > From: Jim Hermann - UUN Hostmaster
[mailto:[EMAIL PROTECTED]
> > Sent: Sunday, July 09, 2006 11:14 AM
> > To: 'razor-users@lists.sourceforge.net'
> > Subject: Razor-check not using sha1 value in
razor-whitelist file
> >
> > I can't seem to get Razor2 2.82 to ignore the signature
for
> > an almost-empty part of a two-part email message. I
added
> > the signature to my razor-whitelist file (see below) and
ran
> > razor-check -d on the problem message (see below). The
first
> > part of the message only contains the Content-Type: and
> > Content-Transfer-Encoding: MIME Headers (see end). It
is a
> > very common signature.
> >
> > What am I doing wrong?
> >
> > [EMAIL PROTECTED] root]# more .razor/razor-whitelist
> >
> > # very common sig for a while - 0
> > sha1 D97Kd_xW_1oOAN-3F7RJ1YFbxdgA
> > # Sermon from Oct 9 - 0
> > sha1 3gJA9N19dYApDVMC26HUpvz_hR8A
> > # play - 1
> > sha1 CmwHRX1s-wtWuNJcC0FH_SNjhCkA
> > # GMUUC Christmas Programs - 0 is all whitespace
> > # Eco task force devon 2 - 0 is all whitespace
> > # Undelivered Mail Returned to Sender - 0
> > sha1 JudMQLN-L4uGbsGerXGnSrZf0Z8A
> > # Hungarian attachment
> > sha1 TOo0BfnapRgA
> > sha1 TOo0BfnasnsA
> > sha1 TOo0Bfnac78A
> > sha1 TOo0BfnaFDwA
> > sha1 TOo0BfnaA68A
> > sha1 TOo0BfnafMMA
> > sha1 TOo0BfnadpoA
> > sha1 TOo0Bfna7UsA
> > sha1 TOo0BfnawmUA
> > sha1 TOo0BfnaVJUA
> > # Hungarian email
> > sha1 Zo0h2U0QssnhBNQj-mObW0jMPR4A
> > sha1 8a_aC4syhaX8mO0-Whh200t_zEsA
> > sha1 vd-pOTFH-yXWwIaHtM6SIzlt7X8A
> > # blank messages
> > sha1 zdGTYRw61hrsYQoLvVL2vWL1u_EA
> > sha1 _SsH-KtgO9VSZa2dpZ4fHt9OeOcA
> > sha1 Hv5WLPo9LTz96VJOTNKYM3618zQA
> > sha1 GKXO6MQg0SCjpwnR6yP7PX_G--4A
> >
> >
> > [EMAIL PROTECTED] root]# razor-check -d
> > /home/virtual/admin4/var/mail/ham
> > Razor-Log: Computed razorhome from env: /root/.razor
> >
> > Razor-Log: Found razorhome: /root/.razor
> > Razor-Log: read_file: 15 items read from
> /root/.razor/razor-agent.conf
> > Jul 09 10:49:11.875911 check[24335]: [ 2] [bootup]
Logging
> > initiated LogDebugLevel=9 to stdout
> > Jul 09 10:49:11.876400 check[24335]: [ 5] computed
> > razorhome=/root/.razor,
conf=/root/.razor/razor-agent.conf,
> > ident=/root/.razor/identity
> > Jul 09 10:49:11.876501 check[24335]: [ 2] Razor-Agents
v2.82
> > starting razor-check -d
/home/virtual/admin4/var/mail/ham
> > Jul 09 10:49:11.878176 check[24335]: [ 9] uname -a:
Linux
> > host.uuserver.net 2.6.10-1.771_FC2 #1 Mon Mar 28
00:50:14 EST
> > 2005 i686 i686 i386 GNU/Linux
> > Jul 09 10:49:11.878607 check[24335]: [ 8] reading mbox
> > formatted mail from /home/virtual/admin4/var/mail/ham
> > Jul 09 10:49:11.880389 check[24335]: [ 6] read 1 mail
> > Jul 09 10:49:11.880645 check[24335]: [ 8] Client
> > supported_engines: 4 8
> > Jul 09 10:49:11.882518 check[24335]: [ 8] prep_mail
done:
> > mail 1 headers=671, mime0=115, mime1=43476
> > Jul 09 10:49:11.883384 check[24335]: [ 5] read_file: 21
items
> > read from /root/.razor/razor-whitelist
> > Jul 09 10:49:11.883672 check[24335]: [ 8] loaded 1
different
> > types of whitelist
> > Jul 09 10:49:11.883893 check[24335]: [ 5] read_file: 1
items
> > read from /root/.razor/servers.discovery.lst
> > Jul 09 10:49:11.884115 check[24335]: [ 5] read_file: 2
items
> > read from /root/.razor/servers.nomination.lst
> > Jul 09 10:49:11.884441 check[24335]: [ 5] read_file: 3
items
> > read from /root/.razor/servers.catalogue.lst
> > Jul 09 10:49:11.884794 check[24335]: [ 9] Assigning
defaults
> > to joy.cloudmark.com
> > Jul 09 10:49:11.884936 check[24335]: [ 9] Assigning
defaults
> > to folly.cloudmark.com
> > Jul 09 10:49:11.885107 check[24335]: [ 9] Assigning
defaults
> > to c101.cloudmark.com
> > Jul 09 10:49:11.885246 check[24335]: [ 9] Assigning
defaults
> > to shock.cloudmark.com
> > Jul 09 10:49:11.885370 check[24335]: [ 9] Assigning
defaults
> > to c102.cloudmark.com
> > Jul 09 10:49:11.886004 check[24335]: [ 5] read_file: 19
items
> > read from /root/.razor/server.c101.cloudmark.com.conf
> > Jul 09 10:49:11.886475 check[24335]: [ 5] read_file: 19
items
> > read from /root/.razor/server.c101.cloudmark.com.conf
> > Jul 09 10:49:11.886863 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.joy.cloudmark.com.conf
> > Jul 09 10:49:11.887243 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.joy.cloudmark.com.conf
> > Jul 09 10:49:11.887632 check[24335]: [ 5] read_file: 15
items
> > read from /root/.razor/server.folly.cloudmark.com.conf
> > Jul 09 10:49:11.887969 check[24335]: [ 5] read_file: 15
items
> > read from /root/.razor/server.folly.cloudmark.com.conf
> > Jul 09 10:49:11.888364 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.shock.cloudmark.com.conf
> > Jul 09 10:49:11.888780 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.shock.cloudmark.com.conf
> > Jul 09 10:49:11.889178 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.c102.cloudmark.com.conf
> > Jul 09 10:49:11.889551 check[24335]: [ 5] read_file: 18
items
> > read from /root/.razor/server.c102.cloudmark.com.conf
> > Jul 09 10:49:11.889785 check[24335]: [ 5] 157819 seconds
> > before closest server discovery
> > Jul 09 10:49:11.889950 check[24335]: [ 6]
c101.cloudmark.com
> > is a Catalogue Server srl 5095; computed min_cf=21,
Server se: C8
> > Jul 09 10:49:11.890104 check[24335]: [ 8] Computed
> > supported_engines: 4 8
> > Jul 09 10:49:11.890308 check[24335]: [ 8] Using next
closest
> > server c101.cloudmark.com:2703, cached info srl 5095
> > Jul 09 10:49:11.890528 check[24335]: [ 8] mail 1
Subject:
> > Minutes from June 29 board meeting
> > Jul 09 10:49:11.890822 check[24335]: [ 6] preproc: mail
1.0
> > went from 115 bytes to 77
> > Jul 09 10:49:11.895625 check[24335]: [ 6] preproc: mail
1.1
> > went from 43476 bytes to 41401
> > Jul 09 10:49:11.895795 check[24335]: [ 6] computing sigs
for
> > mail 1.0, len 77
> > Jul 09 10:49:11.897293 check[24335]: [ 6] Engine (8)
didn't
> > produce a signature for mail 1.0
> > Jul 09 10:49:11.897688 check[24335]: [ 6] computing sigs
for
> > mail 1.1, len 41401
> > Jul 09 10:49:11.900527 check[24335]: [ 6] Engine (8)
didn't
> > produce a signature for mail 1.1
> > Jul 09 10:49:11.900765 check[24335]: [ 5] 159746 seconds
> > before closest server discovery
> > Jul 09 10:49:11.900956 check[24335]: [ 6]
shock.cloudmark.com
> > is a Catalogue Server srl 5095; computed min_cf=21,
Server se: C8
> > Jul 09 10:49:11.901109 check[24335]: [ 8] Computed
> > supported_engines: 4 8
> > Jul 09 10:49:11.901230 check[24335]: [ 8] Using next
closest
> > server shock.cloudmark.com:2703, cached info srl 5095
> > Jul 09 10:49:11.901394 check[24335]: [ 5] Connecting to
> > shock.cloudmark.com ...
> > Jul 09 10:49:12.046196 check[24335]: [ 8] Connection
established
> > Jul 09 10:49:12.046352 check[24335]: [ 4]
shock.cloudmark.com
> > >> 36 server greeting:
sn=C&srl=5095&a=l&a=cg&ep4=7542-10
> > Jul 09 10:49:12.046717 check[24335]: [ 4]
shock.cloudmark.com << 25
> > Jul 09 10:49:12.046854 check[24335]: [ 6]
cn=razor-agents&cv=2.82
> > Jul 09 10:49:12.047089 check[24335]: [ 6]
shock.cloudmark.com
> > is a Catalogue Server srl 5095; computed min_cf=21,
Server se: C8
> > Jul 09 10:49:12.047304 check[24335]: [ 8] Computed
> > supported_engines: 4 8
> > Jul 09 10:49:12.047481 check[24335]: [ 8] mail 1.0 e4
sig:
> > GKXO6MQg0SCjpwnR6yP7PX_G--4A
> > Jul 09 10:49:12.047608 check[24335]: [ 5] mail 1.0 e8
got no sig
> > Jul 09 10:49:12.047692 check[24335]: [ 8] mail 1.1 e4
sig:
> > qKsVqfgDb3wVXGbYM0iQf2hOsLsA
> > Jul 09 10:49:12.047787 check[24335]: [ 5] mail 1.1 e8
got no sig
> > Jul 09 10:49:12.047954 check[24335]: [ 8] preparing 2
queries
> > Jul 09 10:49:12.048186 check[24335]: [ 8] sending 1
batches
> > Jul 09 10:49:12.048311 check[24335]: [ 4]
shock.cloudmark.com << 108
> > Jul 09 10:49:12.048381 check[24335]: [ 6]
> > -a=c&e=4&ep4=7542-10&s=GKXO6MQg0SCjpwnR6yP7PX_G--4A
> > a=c&e=4&ep4=7542-10&s=qKsVqfgDb3wVXGbYM0iQf2hOsLsA
> > .
> > Jul 09 10:49:12.201817 check[24335]: [ 4]
shock.cloudmark.com >> 21
> > Jul 09 10:49:12.201902 check[24335]: [ 6] response to
sent.2
> > -p=1&cf=100
> > p=0
> > .
> > Jul 09 10:49:12.202267 check[24335]: [ 6] mail 1.0 e=4
> > sig=GKXO6MQg0SCjpwnR6yP7PX_G--4A: Is spam: cf 100 >=
min_cf 21
> > Jul 09 10:49:12.202356 check[24335]: [ 6] mail 1.1 e=4
> > sig=qKsVqfgDb3wVXGbYM0iQf2hOsLsA: sig not found.
> > Jul 09 10:49:12.202435 check[24335]: [ 7] method 4: mail
1.0:
> > no-contention part, spam=1
> > Jul 09 10:49:12.202494 check[24335]: [ 7] method 4: mail
1.1:
> > no-contention part, spam=0
> > Jul 09 10:49:12.202551 check[24335]: [ 7] method 4: mail
1: a
> > non-contention part was spam, mail spam
> > Jul 09 10:49:12.202609 check[24335]: [ 3] mail 1 is
known spam.
> > Jul 09 10:49:12.202679 check[24335]: [ 5] disconnecting
from
> > server shock.cloudmark.com
> > Jul 09 10:49:12.202791 check[24335]: [ 4]
shock.cloudmark.com << 5
> > Jul 09 10:49:12.202844 check[24335]: [ 6] a=q
> > Jul 09 10:49:12.202985 check[24335]: [ 8] razor-check
> > finished successfully.
> >
> > [snip]
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> >
boundary="----=_NextPart_000_02EA_01C6A2C9.88E40950"
> > X-Mailer: Microsoft Outlook, Build 10.0.6626
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
> > Thread-index: AcafiAVN4AHLBpqJT6+1i2SXZv1oaA==
> > X-OlkEid: ED6406202FF7A4D59EA399468E8D914D50A82138
> > X-IMAPbase: 1152407328 1
> > Status: RO
> > X-Status:
> > X-Keywords:
> > X-UID: 1
> >
> > This is a multi-part message in MIME format.
> >
> > ------=_NextPart_000_02EA_01C6A2C9.88E40950
> > Content-Type: text/plain;
> > charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> >
> >
> > ------=_NextPart_000_02EA_01C6A2C9.88E40950
> > Content-Type: application/msword;
> > name="Jun 29 2006.rtf"
> > Content-Transfer-Encoding: quoted-printable
> > Content-Disposition: attachment;
> > filename="Jun 29 2006.rtf"
> > [snip]
> >
> > -----
> > Jim Hermann <[EMAIL PROTECTED]>
> > UUism Networks <http://www.UUism.net>
> > Ministering to the Needs of Online UUs
> > Web Hosting, Email Services, Mailing Lists
> > -----
> >
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys - and
earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.16.2/613 - Release
Date: 01/01/07 02:50 PM
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.16.2/613 - Release Date:
01/01/07 02:50 PM
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users
