--[ UxBoD ]-- wrote:
> Yes image spam can be a real pain.
While I agree that image spam is a PITA ... I have to wonder how ANYONE
in the right mind could fall for that garbage.
I mean, be real ... if the message you get contains an image, surrounded
by garbage text, and the image quality
On Fri, 23 Feb 2007, Randal, Phil wrote:
Charming!
Being part of a large community on this mailing list, my answer was
addressing all readers and not just you.
So I included the extra info for those readers who scanned your email
and found low SA scores regardless.
What FuzzyOCR scanset did y
of netpbm are you using?
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: Brian Wilson [mailto:[EMAIL PROTECTED]
> Sent: 23 February 2007 15:32
> To: users@spamassassin.apache.org
> Subject: RE: FuzzyOcr image s
On Friday 23 February 2007 15:31, Brian Wilson wrote:
> [12921] info: FuzzyOcr: (6 word occurrences found)
>
> Simply changing focr_threshold from 0.25 to 0.30 allowed this to happen.
>
> Thanks again, snowcrash!
You'll find that a fuzz of 0.3 is likely to FP very badly. It was
originally set to
On Fri, 23 Feb 2007, Randal, Phil wrote:
I caught these by adding
corpo
to my FuzzyOCR.words file.
But you should also br running a bunch of SARE rules, and sa-updated
rulesets.
Wow, thanks for not reading my email or reading the scores in the message
I posted. As I originally noted, the
(2 word occurrences found)
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: Brian Wilson [mailto:[EMAIL PROTECTED]
> Sent: 23 February 2007 13:10
> To: users@spamassassin.apache.org
> Subject: FuzzyOcr image spam
Passing this along in case someone has a scanset that is able to pick
this one up. Yes, it was tagged as spam from other rules, but I got
nothing from FuzzyOcr on it.
http://bubba.org/spam/imagespam12.gif
http://bubba.org/spam/imagespam12.txt
-B
On 6-Feb-2007, at 09:30, Sujit Choudhury wrote:
Lately there has been an increase in image spam. We are using
imageinfo.cf with ImageInfo plugin. However, this is not making a lot
of difference. We are also using virtually all the SARE rules plus
using sa-update and restarting spamd everyday
On 02/09/07 Ivan wrote:
Hi
> First time posting here, we are running SA version 3.0.6 on centos
4.4, we
> have a lot of image spam and I would like to know if somebody can give
me an
> idea about how to deal with it?
http://www200.pair.com/mecham/spam/image_spam2.html
here is the bes
At 10:09 AM 2/9/2007, Ivan Arteaga wrote:
Hi List,
First time posting here, we are running SA version 3.0.6 on centos 4.4, we
have a lot of image spam and I would like to know if somebody can give me an
idea about how to deal with it?
Any comment will be appreciated.
Upgrading to 3.1.7
Hi List,
First time posting here, we are running SA version 3.0.6 on centos 4.4, we
have a lot of image spam and I would like to know if somebody can give me an
idea about how to deal with it?
Any comment will be appreciated.
Regards,
--Ivan.
pls, can you forward me a copy of that email copy to [EMAIL PROTECTED]
tnx
-Original Message-
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 31, 2006 3:02 PM
To: users@spamassassin.apache.org
Cc: [EMAIL PROTECTED]
Subject: Even senators sending image spam
Just
Just got (and CAUGHT!!!) image spam from one of the Florida Senators.
Imageplugin.pm helped catch it, along with SARE_GIF, and other plugins.
Thanks to all who share to help keep the net spam free
(and shame on you Bill Nelson. Too bad you folks put an exemption in
the CAN-SPAM law for
Updating the sa rules seemed to make an immediate noticeable difference.
Thanks.
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 13, 2006 9:03 PM
> To: users@spamassassin.apache.org
> Subject: Re: Image spam and Bayes prob
On Wed, Dec 13, 2006 at 08:55:26PM -0800, Gary W. Smith wrote:
>
> We were running RBL's at the postfix level but recently we have started
> seeing FP's on a couple of them so we disabled them for now (thus
> increasing flow from about 200k messages per server per day to about
> 300k+).
Use policy
Gary W. Smith wrote:
> I’ve seen a sharp increase in our OB Ticker spam’s that consist of an
> image and some text. It passed the greylist just fine and was labeled
> as bayes_00.
>
> X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,EXTRA_MPART_TYPE,
>
> HTML_30_40,HTML_IMAGE_O
On Wed, Dec 13, 2006 at 08:55:26PM -0800, Gary W. Smith wrote:
> The image contained the OB stock ticker and the text was random, but
> coherent sentences. What's the best course of action to block these
> now. I'm running a couple rules from SARE. Are there some specific
> ones that will help o
I haven't been watching the list much lately so I apologize if this
topic has been kicked to death.
I've seen a sharp increase in our OB Ticker spam's that consist of an
image and some text. It passed the greylist just fine and was labeled
as bayes_00.
X-Spam-Status: No, score=-7.5 required=5.
On Wed, Oct 25, 2006 at 10:18:44AM -0500, Bill wrote:
> Ok, if the image spams all have a different hash wouldn't that make the
> Hash function built into Fuzzy OCR useless as well? I'm not sure I buy into
> that thinking. The hash option in my Fuzzy OCR setup runs pretty well.
I know nothing
Bill wrote:
> Ok, if the image spams all have a different hash wouldn't that make the
> Hash function built into Fuzzy OCR useless as well? I'm not sure I buy into
> that thinking. The hash option in my Fuzzy OCR setup runs pretty well.
No, the FuzzyOCR plugin's hash system isn't a checksum o
ecktenwald
To: Bill ; users@spamassassin.apache.org
Sent: Wednesday, October 25, 2006 10:06 AM
Subject: Re: New RBL idea regarding image spam
On Wed, Oct 25, 2006 at 10:00:10AM -0500, Bill wrote:
> Couldn't there be an RBL established ... that
> maintained the hash of known spam
On Wed, Oct 25, 2006 at 10:00:10AM -0500, Bill wrote:
> Couldn't there be an RBL established ... that
> maintained the hash of known spam images and forego the wordlist detection?
most image spam contains small differences (some flipped pixels, etc)
so the hash function will retur
This may not be a new idea but wouldn't a new RBL based on image spam be
worthy? I've been testing FuzzyOCR recently and although it seems to work it
seems sort of "brute force". From what I understand it converts the images
to a PPM or PNM format and then runs gocr o
Marc Perkel wrote:
> I notice that a lot of images spam has a structure where in the source
> the fake text is at the top and the image code is at the bottom but it
> is made to appear so that the image is at the top and the text is at
> the bottom. Seems to me that this should be something we coul
I notice that a lot of images spam has a structure where in the source
the fake text is at the top and the image code is at the bottom but it
is made to appear so that the image is at the top and the text is at the
bottom. Seems to me that this should be something we could test for?
Ben Wylie wrote:
I have noticed that a lot of spam messages change their mime boundary
during the message.
That's not really what happens. The example you included is of nested MIME
entities: the top MIME entity is a multipart entity containg another multipart
entity.
Does this happen in l
s with this new mime boundary, first a text
> and then an html mime part:
Yep, that's multipart/alternate.
> They then revert back to the original mime boundary for the image spam
> mime part:
Yep, the image isn't an alternate for the text parts.
> Does this happen in l
"windows-1250"
Content-Transfer-Encoding: quoted-printable
[HTML Content]
--=_NextPart_001_0006_01C6DC77.1B7CF1F0--
They then revert back to the original mime boundary for the image spam
mime part:
--=_NextPart_000_0005_01C6DC77.1B7CF1F0
Content-Type: image/gif;
nam
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 09, 2006 7:33 PM
> Gary Funck wrote:
> > Has anyone considered also supplying new rules in the
> > form of rpm's available via a yum-compatible repository?
> > It'd be nice to have the usual versioning an
From: "Bret Miller" <[EMAIL PROTECTED]>
>>> Nor does it make sense to use a tool, even if supplied
with SpamAssassin,
>>> that is broken for performing updates.
>
>> what's the "broken" part?
>
> Well, this may not qualify as broken, but I would say it's an
> undesirable behavior that, upon
> >>> Nor does it make sense to use a tool, even if supplied
> with SpamAssassin,
> >>> that is broken for performing updates.
> >
> >> what's the "broken" part?
> >
> > Well, this may not qualify as broken, but I would say it's an
> > undesirable behavior that, upon successful download of the new
On Fri, 11 Aug 2006, Kenneth Porter wrote:
> --On Wednesday, August 09, 2006 7:33 PM -0700 jdow <[EMAIL PROTECTED]>
> wrote:
>
> > For about a femto-second, perhaps. There is too much YMMV
> > involved with the SARE rule sets to make it practical as
> > an rpm solution.
>
> True, this is the re
--On Wednesday, August 09, 2006 7:33 PM -0700 jdow <[EMAIL PROTECTED]>
wrote:
For about a femto-second, perhaps. There is too much YMMV
involved with the SARE rule sets to make it practical as
an rpm solution.
True, this is the real problem with packaging SARE: There's no clear
separation of
--On Wednesday, August 09, 2006 3:54 PM -0500 Logan Shaw
<[EMAIL PROTECTED]> wrote:
This is purely a philosophical argument, but something seems
wrong about the idea of using a package manager to manage
volatile data files in /var.
The problem is not the use of the package manager but the pla
From: "Justin Mason" <[EMAIL PROTECTED]>
jdow writes:
From: "Jim Maul" <[EMAIL PROTECTED]>
> Bowie Bailey wrote:
>
>> It doesn't really matter to me who supports which pieces as long as
>> they all work.
>>
>> Someone may be able to fix sa-update so that it can take over from
>> RDJ, but a
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Fri, 11 Aug 2006, Justin Mason wrote:
jdow writes:
Nor does it make sense to use a tool, even if supplied with SpamAssassin,
that is broken for performing updates.
what's the "broken" part?
Well, this may not qualify as broken, but I would say i
Theo Van Dinter wrote:
On Fri, Aug 11, 2006 at 11:56:00AM -0400, DAve wrote:
I think a status report would be a good option as well. SA already asks
you for your admins email address at install time. Sending a report of
what happened during the sa-update process would be very, very valuable.
On Fri, Aug 11, 2006 at 11:56:00AM -0400, DAve wrote:
> I think a status report would be a good option as well. SA already asks
> you for your admins email address at install time. Sending a report of
> what happened during the sa-update process would be very, very valuable.
Hrm. I'd say feel f
Bret Miller wrote:
Bret Miller writes:
On Fri, 11 Aug 2006, Justin Mason wrote:
jdow writes:
Nor does it make sense to use a tool, even if supplied
with SpamAssassin,
that is broken for performing updates.
what's the "broken" part?
Well, this may not qualify as broken, but I would say it's
I received/responded to this privately before it was also sent to the list, so
paraphrasing below...
On Fri, Aug 11, 2006 at 08:45:43AM -0700, Bret Miller wrote:
> But adding the option to archive will make at least some people more
> comfortable with running sa-update. So I added the bz ticket. W
> On Fri, Aug 11, 2006 at 10:14:46AM -0500, Logan Shaw wrote:
> > What happens if the new set is broken? There's no easy way
> > to revert to the last known good state.
>
> sa-update lint checks the new files in a separate temp area before
> installing them into the real directory. Only if lint s
On Fri, Aug 11, 2006 at 10:14:46AM -0500, Logan Shaw wrote:
> What happens if the new set is broken? There's no easy way
> to revert to the last known good state.
sa-update lint checks the new files in a separate temp area before
installing them into the real directory. Only if lint succeeds
(wh
> Bret Miller writes:
> > > On Fri, 11 Aug 2006, Justin Mason wrote:
> > > > jdow writes:
> > >
> > > >> Nor does it make sense to use a tool, even if supplied
> > > with SpamAssassin,
> > > >> that is broken for performing updates.
> > >
> > > > what's the "broken" part?
> > >
> > > Well, this may
Bret Miller writes:
> > On Fri, 11 Aug 2006, Justin Mason wrote:
> > > jdow writes:
> >
> > >> Nor does it make sense to use a tool, even if supplied
> > with SpamAssassin,
> > >> that is broken for performing updates.
> >
> > > what's the "broken" part?
> >
> > Well, this may not qualify as broke
> On Fri, 11 Aug 2006, Justin Mason wrote:
> > jdow writes:
>
> >> Nor does it make sense to use a tool, even if supplied
> with SpamAssassin,
> >> that is broken for performing updates.
>
> > what's the "broken" part?
>
> Well, this may not qualify as broken, but I would say it's an
> undesirable
On Fri, 11 Aug 2006, Justin Mason wrote:
jdow writes:
Nor does it make sense to use a tool, even if supplied with SpamAssassin,
that is broken for performing updates.
what's the "broken" part?
Well, this may not qualify as broken, but I would say it's an
undesirable behavior that, upon su
jdow writes:
> From: "Jim Maul" <[EMAIL PROTECTED]>
>
> > Bowie Bailey wrote:
> >
> >> It doesn't really matter to me who supports which pieces as long as
> >> they all work.
> >>
> >> Someone may be able to fix sa-update so that it can take over from
> >> RDJ, but as of now, that is not possib
On 8/11/2006 12:02 AM, jdow wrote:
From: "Jim Maul" <[EMAIL PROTECTED]>
Bowie Bailey wrote:
It doesn't really matter to me who supports which pieces as long as
they all work.
Someone may be able to fix sa-update so that it can take over from
RDJ, but as of now, that is not possible without c
From: "Jim Maul" <[EMAIL PROTECTED]>
Bowie Bailey wrote:
It doesn't really matter to me who supports which pieces as long as
they all work.
Someone may be able to fix sa-update so that it can take over from
RDJ, but as of now, that is not possible without configuring about 62
sa-update channe
Perhaps it could be as simple as only updating existing rules for your
installation? In other words, you would have to download the CF file and
install it first (but you would do this anyways to test!!!). Then sa-update
could simply parse your rules directory and update rules found there
accordin
Bowie Bailey wrote:
Michael Scheidell wrote:
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Possibly. It depends on the overhead involved in setting up the
channels.
Plus, not all of us want ALL 62 files!
Some of the *[0-3] files say to use 70_abcd0.cf , or _1, or_2, or_3.
Would need tome cf
Michael Scheidell wrote:
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]
> >
> > Possibly. It depends on the overhead involved in setting up the
channels.
>
> Plus, not all of us want ALL 62 files!
>
> Some of the *[0-3] files say to use 70_abcd0.cf , or _1, or_2, or_3.
>
> Would need tome cf f
> -Original Message-
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 10, 2006 2:45 PM
> To: users@spamassassin.apache.org
> Subject: RE: Image spam with inline jpeg image
>
>
Possibly. It depends on the overhead involved in setting up
>
Jim Maul wrote:
> Bowie Bailey wrote:
>
> > It doesn't really matter to me who supports which pieces as long as
> > they all work.
> >
> > Someone may be able to fix sa-update so that it can take over from
> > RDJ, but as of now, that is not possible without configuring about
> > 62 sa-update ch
Bowie Bailey wrote:
It doesn't really matter to me who supports which pieces as long as
they all work.
Someone may be able to fix sa-update so that it can take over from
RDJ, but as of now, that is not possible without configuring about 62
sa-update channels (one for each ruleset RDJ manages).
Jim Maul wrote:
> Bowie Bailey wrote:
> > Bret Miller wrote:
> > > > > On Wed, 9 Aug 2006, Gary Funck wrote:
> > > > > > Has anyone considered also supplying new rules in the
> > > > > > form of rpm's available via a yum-compatible repository?
> > > > > > It'd be nice to have the usual versioning a
Bowie Bailey wrote:
Bret Miller wrote:
On Wed, 9 Aug 2006, Gary Funck wrote:
Has anyone considered also supplying new rules in the
form of rpm's available via a yum-compatible repository?
It'd be nice to have the usual versioning and logging
support as well as a central update facility. This
c
Bret Miller wrote:
> > > On Wed, 9 Aug 2006, Gary Funck wrote:
> > > > Has anyone considered also supplying new rules in the
> > > > form of rpm's available via a yum-compatible repository?
> > > > It'd be nice to have the usual versioning and logging
> > > > support as well as a central update fac
> i am reading the link
> http://www.rulesemporium.com/plugins.htm#imageinfo
>
> then the .pm file and do not have a plugins directory. where
> does the .pm
> file go?
> i assume the .cf goes in /etc/mail/spamassassin
>
> and i edit v310.pre then restart spamd
It is probably best to put the plugin
> > On Wed, 9 Aug 2006, Gary Funck wrote:
> > > Has anyone considered also supplying new rules in the
> > > form of rpm's available via a yum-compatible repository?
> > > It'd be nice to have the usual versioning and logging
> > > support as well as a central update facility. This
> > > could be d
On Wed, August 9, 2006 22:01, Gary Funck wrote:
> could be done as a gateway to sa-update, perhaps
> providing the updates in other package formats as well.
rpm packages does not install sa-update ?
i know yum, but dont make it the better sa-update :-)
it was worse enogh with rulesdujour
--
Ben
From: "Gary Funck" <[EMAIL PROTECTED]>
Theo wrote (in part):
sa-update is a generic tool that lets users download
"channels" (ie: bundles
of rules/plugins) from anywhere that decides to publish them
(requires a
certain setup, etc.) At the moment, the only published
channel that I know
of
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
There's nothing stoping the SARE folks from publishing a single or a
bunch of channels and getting rid of RDJ in favor of sa-update if they
wanted to... There are some benefits either way I suppose, and I'm biased
towards sa-update of course. :|
Um,
Logan Shaw wrote:
> On Wed, 9 Aug 2006, Gary Funck wrote:
> > Has anyone considered also supplying new rules in the
> > form of rpm's available via a yum-compatible repository?
> > It'd be nice to have the usual versioning and logging
> > support as well as a central update facility. This
> > coul
On Wed, 9 Aug 2006, Gary Funck wrote:
Has anyone considered also supplying new rules in the
form of rpm's available via a yum-compatible repository?
It'd be nice to have the usual versioning and logging
support as well as a central update facility. This
could be done as a gateway to sa-update, p
Theo wrote (in part):
>
> sa-update is a generic tool that lets users download
> "channels" (ie: bundles
> of rules/plugins) from anywhere that decides to publish them
> (requires a
> certain setup, etc.) At the moment, the only published
> channel that I know
> of is updates.spamassassin.org
- Original Message -
From: "Gary Funck" <[EMAIL PROTECTED]>
To:
Sent: Thursday, August 10, 2006 12:04 AM
Subject: RE: Image spam with inline jpeg image
Menno wrote:
Ramprasad wrote:
>
> But still this mail is getting thru
> http://ecm.netcore.co.in/tmp
On Wed, Aug 09, 2006 at 09:58:19AM -0700, Richard wrote:
> > rules_du_jour was done when sa-update did not exists
>
> are you implying that sa-update replaces rules-du-jour?
That depends on what you mean by "replaces".
> i though sa-update updates the SA distro's bundled rules, but NOT any
> add
Richard wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
hi,
can the rules_du_jour script be config'd to pickup plugin updates as well?
i'd guess more than just an add to "TRUSTED_RULESETS"
everyone likes to have sa-update ruledujour now :-)
i'm sorry, i don't understand that sente
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
hi,
>> can the rules_du_jour script be config'd to pickup plugin updates as well?
>> i'd guess more than just an add to "TRUSTED_RULESETS"
>
> everyone likes to have sa-update ruledujour now :-)
i'm sorry, i don't understand that sentence.
> r
Hi
i am reading the link http://www.rulesemporium.com/plugins.htm#imageinfo
then the .pm file and do not have a plugins directory. where does the .pm
file go?
i assume the .cf goes in /etc/mail/spamassassin
and i edit v310.pre then restart spamd
Mark
On Wed, August 9, 2006 16:39, Richard wrote:
>
> can the rules_du_jour script be config'd to pickup plugin updates as well?
> i'd guess more than just an add to "TRUSTED_RULESETS"
everyone likes to have sa-update ruledujour now :-)
rules_du_jour was done when sa-update did not exists
--
Benny
ound)
> was detected
> though. It was even my first and only image-spam that got a LARGO score
> since the install last week, I don't get many of those spams..
The OCR plugin hits on this one:
Content analysis details: (11.5 points, 5.0 req
I had a similar, less expensive thought; Checking the global color
table in the header of all of the gif images in a particular message. I
tested a couple of spam cases and the GCTs are identical in all of my
limited number of test cases.
Logan Shaw wrote:
> Looks like people have started to ge
rst and only image-spam that got a LARGO score
since the install last week, I don't get many of those spams..
Regards
Menno
--
View this message in context:
http://www.nabble.com/Image-spam-with-inline-jpeg-image-tf2079118.html#a5728450
Sent from the SpamAssassin - Users forum at Nabble.com.
> http://www.rulesemporium.com/plugins.htm#imageinfo
>
> Updates:
> - added optimization changes by Theo Van Dinter
> - added jpeg support
> - added function image_named()
> - added function image_size_exact()
> - added function image_size_range()
> - added function image_to_text_ratio()
>
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
> Are you using the updated version OR the one originally posted?
>
> http://www.rulesemporium.com/plugins.htm#imageinfo
can the rules_du_jour script be config'd to pickup plugin updates as well?
i'd guess more than just an add to "TRUSTED_RULE
Ramprasad wrote:
All my rulesets and the LARGO rules are for catching inline png and
inline gif. Now I am getting stock spams with
images like
--=_NextPart_001_000C_01C6BBE8.11C02650--
--=_NextPart_000_000B_01C6BBE8.11BB4450
Content-Type: image/jpeg; name="militarism.jpg"
Content-T
All my rulesets and the LARGO rules are for catching inline png and
inline gif. Now I am getting stock spams with
images like
--=_NextPart_001_000C_01C6BBE8.11C02650--
--=_NextPart_000_000B_01C6BBE8.11BB4450
Content-Type: image/jpeg; name="militarism.jpg"
Content-Transfer-Encoding: b
Looks like people have started to get a grip on the image
spams that are so popular lately, but here's an additional
idea I thought I'd toss out. (I'm not familiar enough with
SA to easily figure out how to make a plugin.)
Basically, these spams all have a bunch of images which are
tiles of a la
John Rudd wrote:
No, 70 would still be 70. 07 would become 00. And 07 is a pretty
faint red. Looking at it now, I can't distinguish it from black.
(70 is 0111 so the lower 3 or 4 bits are already 0's, whereas 07
is 0111 .. THAT becomes 0 and is indistinguishable from
black
On Wed, 2 Aug 2006 [EMAIL PROTECTED] wrote:
> Maybe I'm not getting the obvious, but what about using something like
> Perl::Magick to convert a given image into B/W? I mean, ImageMagick is
> made for things like that...
> Shrinking it to, say, a quarter of it's original size would take care of
>
>
> On Aug 2, 2006, at 3:03 AM, Matthias Keller wrote:
>
will it not be much faster just to make a md5 sum on the image file
without
thinking if it a appel or orange ? :-)
>>> Yes, but just taking a straight sum will be sensitive to all of those
>>> small pixels which are changed by
On Aug 2, 2006, at 3:03 AM, Matthias Keller wrote:
will it not be much faster just to make a md5 sum on the image file
without
thinking if it a appel or orange ? :-)
Yes, but just taking a straight sum will be sensitive to all of those
small pixels which are changed by the spammers so that th
will it not be much faster just to make a md5 sum on the image file
without
thinking if it a appel or orange ? :-)
Yes, but just taking a straight sum will be sensitive to all of those
small pixels which are changed by the spammers so that they have
different sums, but the differences aren'
On Aug 2, 2006, at 12:12 AM, Benny Pedersen wrote:
On Wed, August 2, 2006 06:11, John Rudd wrote:
white will produce (assuming 24bit color) f0,f0,f0 and black will
produce 00,00,00. Thus, you get a nice high-contrast image for
feeding
just for clearness white is ff, ff, ff
yes, white i
On Aug 1, 2006, at 11:58 PM, Derek Harding wrote:
John Rudd wrote:
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black & white speckled image with red text on it?
Explain to me how you think it will fail?
So you're
On Wed, August 2, 2006 06:11, John Rudd wrote:
> white will produce (assuming 24bit color) f0,f0,f0 and black will
> produce 00,00,00. Thus, you get a nice high-contrast image for feeding
just for clearness white is ff, ff, ff
will it not be much faster just to make a md5 sum on the image file
John Rudd wrote:
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black & white speckled image with red text on it?
Explain to me how you think it will fail?
So you're dropping three bits? White is FF, Black 00,
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black & white speckled image with red text on it?
Explain to me how you think it will fail?
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black & white speckled image with red text on it?
BTW I think the OCR approach is unlikely to succeed due to processing
constraints.
Derek
On Aug 1, 2006, at 8:55 PM, Loren Wilton wrote:
2) to combat the "images with subtle differences", develop a checksum
method that ignores the lower (3 or 4 bits? out of 8 bits) of each
color channel. That way you get what is essentially a very high
Won't work. White on black and black on w
2) to combat the "images with subtle differences", develop a checksum
method that ignores the lower (3 or 4 bits? out of 8 bits) of each color
channel. That way you get what is essentially a very high
Won't work. White on black and black on white are both quite readable, and
will fail the ab
1) use Martin Blapp's OCR plugin/patch for SA. feed data to bayes.
http://antispam.imp.ch/patches/patch-ocrtext
2) to combat the "images with subtle differences", develop a checksum
method that ignores the lower (3 or 4 bits? out of 8 bits) of each
color channel. That way you get what is e
majority of mails I receive has a big image on the top, sometimes
combined from multiple image files, containing a lot of text I don't
want to read (stocks "info" and the like), followed by some lines of
Try the rulesemporium stock rules.
Loren
Visit http://www.rulesemporium.com/ and read up on the various sets of
rules these fine people maintain. Many of them do very well with image
only spam or image over nonsense text spam as well as stock spam.
For these types of spam it is also imperative that you have the standard
set of block lis
On Sunday 16 July 2006 06:00, John Andersen wrote:
> On Saturday 15 July 2006 08:49 pm, jdow wrote:
> > Somehow I figure a better than 1200:1 scoring ratio is a pretty lopsided
> > win for SpamAssassin.
>
> And yet, in spite of your statistics, there is more spam than ever.
> Some estimates are tha
Hi there,
I'm running SpamAssassin on my mailbox and rejecting anything above a
score of 10. But lately the spam volume increases again. The bug
majority of mails I receive has a big image on the top, sometimes
combined from multiple image files, containing a lot of text I don't
want to read (stock
amBouncer, the reasonable
> conclusion here is that you have no idea what you're talking about.
>
:-D
As for the image spam, like the article says: "Spammers
are foiling SOME security software by sending junk emails containing nothing
but images, according to experts."
SA de
Shane Williams wrote:
On Sun, 16 Jul 2006, John Andersen wrote:
On Sunday 16 July 2006 06:35 am, Shane Williams wrote:
I never realized SpamAssassin was started back in 1994. What version
number was that? I'd say it was definitely ahead of its time, since I
almost never got email spam until
201 - 300 of 350 matches
Mail list logo
