[Declude.JunkMail] FYI: WMF patch released by Microsoft
This vulnerability is widely reported to be very, very not good. There have been unofficial workarounds out there for several days. Here's the official MS patch: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx -Dave Doherty Skywaves Inc. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FYI: WMF patch released by Microsoft
This patch is now available on Windows Update as Security Update for Windows XP (KB912919). Additionally, it coexists with the patch that was made available by SANS last week. If you installed the patch from SANS, install the M$ patch (which requires a reboot) and uninstall the one from SANS at your convenience after the reboot. This doesn't require a second reboot. George -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Friday, January 06, 2006 8:13 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] FYI: WMF patch released by Microsoft This vulnerability is widely reported to be very, very not good. There have been unofficial workarounds out there for several days. Here's the official MS patch: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx -Dave Doherty Skywaves Inc. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spamdomains test
Does the Spamdomains tests use the mailfrom or the From: address to compare to the revdns. I'm betting it is the mailfrom address. Thanks Stu --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spamdomains test
Stu, The spamdomains test uses the mailfrom address. Declude derives all its sender and recipient information from the envelope, not the message headers. David Franco-Rocha Declude Technical / Engineering - Original Message - From: [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, January 06, 2006 10:50 AM Subject: [Declude.JunkMail] Spamdomains test Does the Spamdomains tests use the mailfrom or the From: address to compare to the revdns. I'm betting it is the mailfrom address. Thanks Stu --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How to get negative rounded SA result usiing SPAMC32
Anyone have any ideas about this? Sandy, are you around? I can get the Declude log files to indicate negative scores, but nothing else can happen with it. For example, as a test I set up this: SA-TEST external nonzero c:\imail\declude\filters\spamc32\spamc32.exe -d IP of SA server -u spamd -p 783 -cw %WEIGHT% -sw 10 -y -e -f 0 0 and choose to log only for action. I do see these appearing with negative scores indicated. I also added this one: SA-2external -2 c:\imail\declude\filters\spamc32\spamc32.exe -d IP of SA server -u spamd -p 783 -cw %WEIGHT% -sw 10 -y -e -f 0 0 and it doesn't appear anywhere in the log, though I do see SA-TEST showing scores of -2. I'm obviously confused here, or maybe SPAMC32 can't do this. BUT I do see negative scores, was hoping to utilize them in the same way as my SA-# positive tests. Am I trying to do something impossible or am I just messing up somewhere? Thanks, Geoff __ Geoff Varney Network Administrator Ridgefield School District [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geoff Varney Sent: Tuesday, January 03, 2006 12:48 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] How to get negative rounded SA result usiing SPAMC32 Hi, I recall that in the past few months I got some help from Sanford on getting SPAMC32 set up to report the rounded actual score to Declude and assign that many points to the score. Ie. if SA says 4.75 as a score, SPAMC32 reports 4 (or does it round up?) and then I have multiple lines in global.cfg looking for scores of 1, 2, 3, etc. up to 10. Now, I had asked at that earlier time how to make sure SA in Declude doesn't go negative. The above was one way to do this. Now I would like to have Declude get negative scores from SA to help me get rid of false positives. Right now training SA with HAM only helps as far as Declude JM is concerned if the message in question previously had a positive SA score. If a piece of HAM scores 0 or less in SA before training, it will still report 0 to Declude no matter what its negative score might be after training. I can't seem to find a way to get negative rounded scores from SA to JM. Here are examples of my global.cfg lines for SA: SA5 external 5 ...\spamc32.exe -d SA server IP -u spamd -p 783 -cw %WEIGHT% -sw 10 -y -e -et 10 -f 10 0 And for negative: SA-2external -2 ...\spamc32.exe -d SA server IP-u spamd -p 783 -y -e -f -2 0 So far I don't see any logging of negatives though I see from SA's log that there would be hits if this worked. I guess one answer be to remove the multiple lines and not reported rounded scores, but I'm actually assigning higher weights than round SA scores without many false positives. I can't even remember how that worked back when I started this project.. Thanks, Geoff --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] How to get negative rounded SA result usiing SPAMC32
and it doesn't appear anywhere in the log, though I do see SA-TEST showing scores of -2. That's about the most I can do -- pass negative scores back to JM. I'm obviously confused here, or maybe SPAMC32 can't do this. I don't think it's me, I think it's Declude. Seems Declude is not even interpreting these as zero scores, but simply not matching them to any test definition at all? That's a substantial bug, if so. Can anyone else, or someone from Declude, check this out? I'm away tonight, and I use local thresholds and 'nonzero' test defs in production, so I don't know offhand if it's the case with negatives. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How to get negative rounded SA result usiing SPAMC32
Sanford Whiteman wrote: I don't think it's me, I think it's Declude. Seems Declude is not even interpreting these as zero scores, but simply not matching them to any test definition at all? That's a substantial bug, if so. Can anyone else, I cannot get neg values returned I'm running 2.16 declude.. Positive values work just fine as we all know - -Nick - or someone from Declude, check this out? I'm away tonight, and I use local thresholds and 'nonzero' test defs in production, so I don't know offhand if it's the case with negatives. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.