On Mon, 8 Oct 2018, Zinski, Steve wrote:
> The trouble with this is that you would be adding 10 points to anything
> with a bitcoin address whether anything's obfuscated or not. If you want
> to avoid this take a look at the FUZZY_* rules.
Well, actually, no. I sent you a snippet of my
> The trouble with this is that you would be adding 10 points to anything
> with a bitcoin address whether anything's obfuscated or not. If you want
> to avoid this take a look at the FUZZY_* rules.
Well, actually, no. I sent you a snippet of my rule and inflated the score to
10 for
On Sat, 6 Oct 2018, Pedro David Marco wrote:
On Saturday, October 6, 2018, 8:36:11 PM GMT+2, John Hardin
wrote:
The version of this in my sandbox doesn't have that weakness. I did some
tuning compared to what Steve proposed.
John, would it be possible for you to share with us those
On Saturday, October 6, 2018, 8:36:11 PM GMT+2, John Hardin
wrote:
>The version of this in my sandbox doesn't have that weakness. I did some
>tuning compared to what Steve proposed.
John, would it be possible for you to share with us those improvements???
Thanks,
PedroD
On Sat, 6 Oct 2018, RW wrote:
On Fri, 5 Oct 2018 16:34:51 +
Zinski, Steve wrote:
Here's how I'm blocking bitcoin emails with Unicode characters
embedded:
body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
body
On Fri, 5 Oct 2018 16:34:51 +
Zinski, Steve wrote:
> Here's how I'm blocking bitcoin emails with Unicode characters
> embedded:
>
> body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
> body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
> body __BTC3
You did well. Not perfect, but nearly there.
The key words here are: dynamic, helo, from and to. No need to use a black list.
The message was sent from a dynamic IP. No reputable email server does that.
The next reason to reject is the failure of SPF. The recipient should implement
SPF
On 10/5/18 4:38 PM, Antony Stone wrote:
> On Friday 05 October 2018 at 23:26:12, Rupert Gallagher wrote:
>
>>> https://pastebin.com/TRD7FzRQ
>>>
>>> I have a sample here
>>
>> There are at least three reasons to reject that e-mail upfront, with no
>> need to parse its body.
>
> Hints might be
On Friday 05 October 2018 at 23:26:12, Rupert Gallagher wrote:
> > https://pastebin.com/TRD7FzRQ
> >
> > I have a sample here
>
> There are at least three reasons to reject that e-mail upfront, with no
> need to parse its body.
Hints might be appreciated for the uninitiated.
Antony.
PS:
> https://pastebin.com/TRD7FzRQ
> I have a sample here
There are at least three reasons to reject that e-mail upfront, with no need to
parse its body.
On Fri, 5 Oct 2018, Zinski, Steve wrote:
Yes, absolutely.
OK, cleaned up a bit and checked in. We'll see what masscheck thinks...
On 10/5/18, 1:42 PM, "John Hardin" wrote:
On Fri, 5 Oct 2018, Zinski, Steve wrote:
> Here's how I'm blocking bitcoin emails with Unicode characters
On Fri, 5 Oct 2018, sebast...@debianfan.de wrote:
https://pastebin.com/TRD7FzRQ
i have a sample here
There doesn't appear to be any obfuscation (apart from the email address)
in that message...
--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org
https://pastebin.com/TRD7FzRQ
i have a sample here
On 05.10.2018 at 19:50, Zinski, Steve wrote:
Yes, absolutely.
On 10/5/18, 1:42 PM, "John Hardin" wrote:
On Fri, 5 Oct 2018, Zinski, Steve wrote:
> Here's how I'm blocking bitcoin emails with Unicode characters embedded:
Yes, absolutely.
On 10/5/18, 1:42 PM, "John Hardin" wrote:
On Fri, 5 Oct 2018, Zinski, Steve wrote:
> Here's how I'm blocking bitcoin emails with Unicode characters embedded:
>
> body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
> body __BTC2
On Fri, 5 Oct 2018, Zinski, Steve wrote:
Here's how I'm blocking bitcoin emails with Unicode characters embedded:
body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
body __BTC3 /\b\W*b\W*t\W*c\W*\b/i
body
Here's how I'm blocking bitcoin emails with Unicode characters embedded:
body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
body __BTC3 /\b\W*b\W*t\W*c\W*\b/i
body __BTC4
On Fri, 5 Oct 2018, Pedro David Marco wrote:
>On Thursday, October 4, 2018, 9:08:10 PM GMT+2, Kevin A. McGrail
wrote:
>Interesting. Any chance for an unmodified pastebin spample?
Yes please Joseph... any change for it, please? We are hungry...
Test rule checked into my sandbox last
>On Thursday, October 4, 2018, 9:08:10 PM GMT+2, Kevin A. McGrail
wrote:
>Interesting. Any chance for an unmodified pastebin spample?
Yes please Joseph... any change for it, please? We are hungry...
---PedroD
Interesting. Any chance for an unmodified pastebin spample?
On Thu, Oct 4, 2018, 12:07 Joseph Brennan wrote:
>
> Two days ago the Bitcoin threats from Outlook.com started arriving in the
> Windows-1256 charset, which is Arabic, but including Latin characters. The
> text has Arabic character 9D