Re: word doc spam

2009-06-05 Thread John Hardin
On Tue, 2 Jun 2009, Yet Another Ninja wrote: On 6/2/2009 7:55 PM, John Hardin wrote: Oh, sorry, I got that backwards checking for _not_ PHP... Never mind those last rules. The mailer is going to be easy to change (even randomly) in a spam tool. I'd suggest that it's not valid to check

word doc spam

2009-06-02 Thread Jean-Paul Natola
Hi all, Is there a rule to catch these messages with no body and a 550 byte word attachment? thx The only rule it's triggering is the RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address

Re: word doc spam

2009-06-02 Thread John Hardin
On Tue, 2 Jun 2009, Jean-Paul Natola wrote: Is there a rule to catch these messages with no body and a 550 byte word attachment? Can you post a sample somewhere for us? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk

Re: word doc spam

2009-06-02 Thread McDonald, Dan
On Tue, 2009-06-02 at 09:10 -0400, Jean-Paul Natola wrote: Hi all, Is there a rule to catch these messages with no body and a 550 byte word attachment? Yes, add the SaneSecurity clamav signatures. codling.rtf: Sanesecurity.Spam.10307.UNOFFICIAL FOUND Integration with spamassassin left as

RE: word doc spam

2009-06-02 Thread Jean-Paul Natola
Correction they are rtf not doc ftp://ftp.fcimail.org/IT/SA_Sample/shambling.rtf -Original Message- From: John Hardin [mailto:jhar...@impsec.org] Sent: Tuesday, June 02, 2009 9:47 AM To: Jean-Paul Natola Cc: users@spamassassin.apache.org Subject: Re: word doc spam On Tue, 2 Jun

Re: word doc spam

2009-06-02 Thread John Hardin
On Tue, 2 Jun 2009, Dave Walker wrote: John Hardin wrote: On Tue, 2 Jun 2009, Jean-Paul Natola wrote: Is there a rule to catch these messages with no body and a 550 byte word attachment? Can you post a sample somewhere for us? Hi, I assume he means the recent surge in rtf attachment

RE: word doc spam

2009-06-02 Thread John Hardin
: word doc spam On Tue, 2 Jun 2009, Dave Walker wrote: John Hardin wrote: On Tue, 2 Jun 2009, Jean-Paul Natola wrote: Is there a rule to catch these messages with no body and a 550 byte word attachment? Can you post a sample somewhere for us? Hi, I assume he means the recent surge in rtf

Re: word doc spam

2009-06-02 Thread Charles Gregory
Just to be sure that I'm thinking the right way about the 'no text body part' rule: If someone sends a 'normal' message, but elects to not type any text into the body, there *will* still be a mime 'text' section, and it will just be empty, right? So the 'no text body' would mean that the

Re: word doc spam

2009-06-02 Thread John Hardin
On Tue, 2 Jun 2009, Charles Gregory wrote: Just to be sure that I'm thinking the right way about the 'no text body part' rule: If someone sends a 'normal' message, but elects to not type any text into the body, there *will* still be a mime 'text' section, and it will just be empty, right? I

Re: word doc spam

2009-06-02 Thread Charles Gregory
On Tue, 2 Jun 2009, John Hardin wrote: Well, any tool that's composing MIME messages can choose to omit a text body part if no text is available... (snip) In practice, we're only seeing it in spams. There may be false positives in some unusual situations, but it's not likely with legitimate

Re: word doc spam

2009-06-02 Thread LuKreme
On 2-Jun-2009, at 07:10, Jean-Paul Natola wrote: Is there a rule to catch these messages with no body and a 550 byte word attachment? I reject .doc attachments since they can carry macro virus payloads. -- We will fight for Bovine Freedom and hold our large heads high We will run free

RE: Word Doc spam

2006-08-11 Thread Chris Santerre
-Original Message- From: Rob Poe [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 10, 2006 5:40 PM To: Kenneth Porter; users@spamassassin.apache.org Subject: Re: Word Doc spam I got one of these too... Kenneth Porter [EMAIL PROTECTED] 8/8/2006

Re: Word Doc spam

2006-08-11 Thread Ken A
Chris Santerre wrote: -Original Message- From: Rob Poe [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 5:40 PM To: Kenneth Porter; users@spamassassin.apache.org Subject: Re: Word Doc spam I got one of these too... Kenneth Porter [EMAIL PROTECTED] 8/8/2006 8:07 AM

Re: Word Doc spam

2006-08-11 Thread Jose Celestino
Words by Chris Santerre [Fri, Aug 11, 2006 at 12:12:41PM -0400]: ... I'd always thought that it would be nice for the Open Office people to create a simple command-line utility to convert Word files to plain text for spam checking. Or it could strip any macros for virus

RE: Word Doc spam

2006-08-11 Thread Chris Santerre
Are there other subjects, or just these two: Bill Summary - Invoice #. August Payment Summary, Invoice #. I'm only seeing those 2. But you can't really write a rule for just that without major FPs. Going to have to meta with another sign. --Chris

Re: Word Doc spam

2006-08-10 Thread Rob Poe
I got one of these too... Kenneth Porter [EMAIL PROTECTED] 8/8/2006 8:07 AM --On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers [EMAIL PROTECTED] wrote: Received in my .mac (basically a spam bin) account. http://www.triksys.be/docspam.jpg = screenshot of word doc attached. Never

Word Doc spam

2006-08-08 Thread Patrick Sneyers
Received in my .mac (basically a spam bin) account. http://www.triksys.be/docspam.jpg = screenshot of word doc attached. Never seen this before Is this new, or old news? 211.16.219.135 is in all kinds of blacklists though. Patrick Sneyers Belgium Van: Robert Nicholson [EMAIL PROTECTED] Datum: 8

Re: Word Doc spam

2006-08-08 Thread Kenneth Porter
--On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers [EMAIL PROTECTED] wrote: Received in my .mac (basically a spam bin) account. http://www.triksys.be/docspam.jpg = screenshot of word doc attached. Never seen this before Is this new, or old news? 211.16.219.135 is in all kinds of

Re: Word Doc spam

2006-08-08 Thread Ralf Hildebrandt
* Kenneth Porter [EMAIL PROTECTED]: I was surprised to see one of these as well. I'd always thought that it would be nice for the Open Office people to create a simple command-line utility to convert Word files to plain text for spam checking. man antiword -- Ralf Hildebrandt (i.A. des

Re: Word Doc spam

2006-08-08 Thread jdow
From: Ralf Hildebrandt [EMAIL PROTECTED] * Kenneth Porter [EMAIL PROTECTED]: I was surprised to see one of these as well. I'd always thought that it would be nice for the Open Office people to create a simple command-line utility to convert Word files to plain text for spam checking. man

RE: Word Doc spam

2006-08-08 Thread Bret Miller
From: Ralf Hildebrandt [EMAIL PROTECTED] * Kenneth Porter [EMAIL PROTECTED]: I was surprised to see one of these as well. I'd always thought that it would be nice for the Open Office people to create a simple command-line utility to convert Word files to plain text for spam

Re: Word Doc spam

2006-08-08 Thread Mark Martinec
From: Ralf Hildebrandt [EMAIL PROTECTED] man antiword No manual entry for antiword Looks really useful and straightforward, thanks Ralf! In the FreeBSD ports collection it comes under: textproc/antiword or fetch it from its home site: http://www.winfield.demon.nl/ Mark

Re: Word Doc spam

2006-08-08 Thread Kenneth Porter
--On Wednesday, August 09, 2006 1:01 AM +0200 Mark Martinec [EMAIL PROTECTED] wrote: In the FreeBSD ports collection it comes under: textproc/antiword or fetch it from its home site: http://www.winfield.demon.nl/ Cool. What's involved in integrating this into SA? Can the image plugin