Re: [Declude.JunkMail] Image spam
I need an image spam solution. I followed this discussion, but I didn't see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn't enough other things wrong with the message to block it. As stated earlier in this thread, many are using clamAV with the SaneSecurity signature addition to catch the image spam with excellent results. My clamav service runs after a few others in the email stream but it still catches lots of crap: 10683 total emails blocked by clamd since Nov 1 2006 (4 months) 1220 by clamAV official sigs*: -- 966 malware infected emails tojan = 911 bagle = 55 247 phishing emails bank = 167 paypal = 55 auction = 18 acc (?) = 5 card = 2 7 policy failures encrypted zip = 4 Archive.ExceededRecursionLimit = 2 CAB.ExceededFileSize = 1 9459 by Sanesecurity signatures*: -- 8414 image spams 537 spam 219 malware 150 stk 72 phishing bank = 24 rock = 17 auction = 15 paypal = 10 cur = 3 azon = 2 card = 1 33 loan 17 dipl 14 scam 2 job 1 hdr * = descriptions are from clamd log. I do not know what all of them stand for. 4 by MSRBL image scam signatures (just started) Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Image spam
Until you make a decision on a specific software try adding the filter David mentioned from the earlier post. We added it about two weeks ago and have noticed a definite reduction of image spam. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Thursday, March 08, 2007 10:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam I'm confused. I understood that if you host multiple email domains on a mail server that you're considered a hosting company and can't purchase commtouch? At least I vaguely recall something to that affect. I checked Declude's site and I don't see commtouch listed on there anywhere (it used to be) other than under "technology partners." Obviously, I'm missing something. So what is the scoop? I need an image spam solution. I followed this discussion, but I didn't see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn't enough other things wrong with the message to block it. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 1:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-arc
RE: [Declude.JunkMail] Image spam
Commtouch's concern is for ISP's / Service Providers who basically run their business as a potential clean and forward service or similar like postini types. David _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, March 08, 2007 12:10 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam The way it was explained to me is as follows. If you have customers you charge for email hosting you are hosting company. If you are a company with multiple domains you are not. We have multiple domains and use CommTouch. We have domains for multiple divisions. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Thursday, March 08, 2007 8:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam I'm confused. I understood that if you host multiple email domains on a mail server that you're considered a hosting company and can't purchase commtouch? At least I vaguely recall something to that affect. I checked Declude's site and I don't see commtouch listed on there anywhere (it used to be) other than under "technology partners." Obviously, I'm missing something. So what is the scoop? I need an image spam solution. I followed this discussion, but I didn't see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn't enough other things wrong with the message to block it. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 1:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archi
RE: [Declude.JunkMail] Image spam
The way it was explained to me is as follows. If you have customers you charge for email hosting you are hosting company. If you are a company with multiple domains you are not. We have multiple domains and use CommTouch. We have domains for multiple divisions. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Thursday, March 08, 2007 8:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam I'm confused. I understood that if you host multiple email domains on a mail server that you're considered a hosting company and can't purchase commtouch? At least I vaguely recall something to that affect. I checked Declude's site and I don't see commtouch listed on there anywhere (it used to be) other than under "technology partners." Obviously, I'm missing something. So what is the scoop? I need an image spam solution. I followed this discussion, but I didn’t see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn’t enough other things wrong with the message to block it. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 1:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECT
RE: [Declude.JunkMail] Image spam
I'm confused. I understood that if you host multiple email domains on a mail server that you're considered a hosting company and can't purchase commtouch? At least I vaguely recall something to that affect. I checked Declude's site and I don't see commtouch listed on there anywhere (it used to be) other than under "technology partners." Obviously, I'm missing something. So what is the scoop? I need an image spam solution. I followed this discussion, but I didn't see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn't enough other things wrong with the message to block it. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 1:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. image001.gif Description: GIF image
RE: [Declude.JunkMail] Image spam
Commtouch works great for me. Kindest Regards Craig Edmonds 123 Marbella Internet Marbella Guide Property Web Portal W: <http://www.123marbella.com> www.123marbella.com W: www.marbellaguide.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 8:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. image001.gif Description: GIF image
RE: [Declude.JunkMail] Image spam
Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: GIF image
RE: [Declude.JunkMail] Image spam
In the same directory as your clam database files. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Monday, February 26, 2007 1:59 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Where does the .HDB file need to end up? I'm not familiar with that extension. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, 21 February 2007 1:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: GIF image
RE: [Declude.JunkMail] Image spam
Where does the .HDB file need to end up? I'm not familiar with that extension. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, 21 February 2007 1:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: GIF image
Re[2]: [Declude.JunkMail] Image spam
> How is this licensed? Dunno, but if it costs you an ORF license to use it under Declude, it's still very cheap. > It appears that ORF is needed to use it legitimately -- is that > correct? Well, it's not in their customer-only area, so you can draw whatever conclusion you want from that. > Also, can this be configured to be called only when an image > attachment is detected? I don't believe so, but redecoding the MIME within the external process should add very minimal overhead. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Image spam
4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 How is this licensed? It appears that ORF is needed to use it legitimately -- is that correct? Also, can this be configured to be called only when an image attachment is detected? Bill --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Image spam
Hi Scott,
Scott Fisher wrote:
Are there any end users who are using the VAMSOFT IMAGE SPAM AGENT tht
would like to comment on it's effectiveness / processor utilization?
it seems to not use much cpu; its effectiveness is ok. In case you are
unaware it does not ocr the email, it just works on probability - like a
combo filter eg: It returns a value based on its confidence level and I
score accordingly.
Below is how I have it config'ed
[I hold on 10 and delete on 30]
-Nick
EXTERNAL.ORF.IMAGE_80 external80
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_81 external81
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_82 external82
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_83 external83
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_84 external84
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_85 external85
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_86 external86
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_87 external87
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_88 external88
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_89 external89
"e:\IMail\declude\orf\imgspamagent.exe -check" 10
EXTERNAL.ORF.IMAGE_90 external90
"e:\IMail\declude\orf\imgspamagent.exe -check" 40
EXTERNAL.ORF.IMAGE_91 external91
"e:\IMail\declude\orf\imgspamagent.exe -check" 40
EXTERNAL.ORF.IMAGE_92 external92
"e:\IMail\declude\orf\imgspamagent.exe -check" 40
EXTERNAL.ORF.IMAGE_93 external93
"e:\IMail\declude\orf\imgspamagent.exe -check" 40
EXTERNAL.ORF.IMAGE_94 external94
"e:\IMail\declude\orf\imgspamagent.exe -check" 40
EXTERNAL.ORF.IMAGE_95 external95
"e:\IMail\declude\orf\imgspamagent.exe -check" 50
EXTERNAL.ORF.IMAGE_96 external96
"e:\IMail\declude\orf\imgspamagent.exe -check" 50
EXTERNAL.ORF.IMAGE_97 external97
"e:\IMail\declude\orf\imgspamagent.exe -check" 50
EXTERNAL.ORF.IMAGE_98 external98
"e:\IMail\declude\orf\imgspamagent.exe -check" 60
EXTERNAL.ORF.IMAGE_99 external99
"e:\IMail\declude\orf\imgspamagent.exe -check" 70
EXTERNAL.ORF.IMAGE_100 external100
"e:\IMail\declude\orf\imgspamagent.exe -check" 80
- Original Message -
*From:* David Barker <mailto:[EMAIL PROTECTED]>
*To:* declude.junkmail@declude.com
<mailto:declude.junkmail@declude.com>
*Sent:* Wednesday, February 21, 2007 12:08 PM
*Subject:* RE: [Declude.JunkMail] Image spam
*_Declude and Image based spam - 4 methods
_1. COMMTOUCH*
Commtouch Recurrent Pattern Detection contains an intrinsic
mechanism to exact-match recurrent patterns across similar but
not-identical messages. However in the case of images, the minute
the spammer makes even the smallest changes to an image, the
image-encoded data appears completely different. Commtouch
identified this trend in the earliest days of image-based spam,
and made the necessary enhancements to its detection engine in
order to defend against this new threat with a sophisticated
protection shield. Commtouch invested significant resources into
developing a method for decoding the images and then sampling them
using the proven RPD approach. The result is a significantly
improved spam detection rate, while maintaining the same low
false-positive rate.
*2. CLAMWIN*
Using ClamAV as a virus scanner with Declude you can download the
MSRBL-Images.hdb file which has additional signatures (MD5 sigs)
which contains signatures created from images contained within
spam emails. http://www.msrbl.com/site/msrblimagesdownload
*3. FILTER-CID*
Identifies emails which contains images increasing the weight
suffeciently on spam messages to reach the spam threshold.
#EXCEPTIONS
BODYENDNOTCONTAINScid:
BODYENDNOTCONTAINSContent-Type: image/
#IMAGES
BODY3CONTAINSsrc=3D"cid:
BODY3CONTAINSsrc="cid:
BODY3CONTAINSsrc='cid:
BODY3CONTAINSimg src="cid:
BODY3CONTAINSimg src=3Dcid:
BODY3CONTAINS/cid:
#IMAGE TYPES
BODY2CONTAINSContent-Type: image/gif;
BODY2CONTAINSContent-Type: image/jpeg;
*4. VAMSOFT IMAGE SPAM AGENT*
This tool is an Ex
Re: [Declude.JunkMail] Image spam
BlankAre there any end users who are using the VAMSOFT IMAGE SPAM AGENT tht would like to comment on it's effectiveness / processor utilization? - Original Message - From: David Barker To: declude.junkmail@declude.com Sent: Wednesday, February 21, 2007 12:08 PM Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: GIF image
RE: [Declude.JunkMail] Image spam
John, I assigned a weight base on this scale: 10 Low Spam 15 Mid Spam 20 High Spam I guess which is pretty much the same scale as HOLD at 20. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John E. Richardson Sent: Wednesday, February 21, 2007 1:43 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Hi David, Great information, thank you. What is the hold value for this setup, 20? The provided syntax is great, but it would generally be helpful to know that the test should be valued at x% of your hold weight. I hesitate to assume but wanted to make sure if it was, in fact, based off of the default hold value of 20. Thanks, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 1:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Image spam
Hi David, Great information, thank you. What is the hold value for this setup, 20? The provided syntax is great, but it would generally be helpful to know that the test should be valued at x% of your hold weight. I hesitate to assume but wanted to make sure if it was, in fact, based off of the default hold value of 20. Thanks, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 1:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Image spam
Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3D"cid: BODY3CONTAINSsrc="cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src="cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero"[path]\Declude\VSIMAGE\imgspamagent.exe -check" 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: GIF image
[Declude.JunkMail] Image spam
Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Blank Bkgrd.gif Description: Blank Bkgrd.gif
[Declude.JunkMail] Image Spam
Sniffer tags some of the image spam we receive but much of it doesn't score high enough for a hold weight. Is Declude or anyone else working on anything new that will be more effective at catching image spam? We're not eligible for Interceptor because we host email for some other companies. What options are available? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] image spam
Sanford Whiteman wrote: In keeping with the increased CPU demands of such tests, the new version of SPAMC32 will contain the ability to send the request to two (maybe more than two in future) "tiered" SPAMD daemons. The second daemon -- listening on a different port, or on a different machine -- will be consulted only if the results from the first daemon are within configured thresholds. great idea. tag team to distribute the load as needed. P.S. This gives me the idea of having different max-size switches for messages with and without image attachments. What do you think, SPAMC32 users? good idea again. Otherwise blatant spam is possibly bypassed.. -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] image spam
> http://wiki.apache.org/spamassassin/OcrPlugin > http://antispam.imp.ch/patches/patch-ocrtext > That will ocr the gifs, etc. These should help SA be even more effective > within Declude.. In keeping with the increased CPU demands of such tests, the new version of SPAMC32 will contain the ability to send the request to two (maybe more than two in future) "tiered" SPAMD daemons. The second daemon -- listening on a different port, or on a different machine -- will be consulted only if the results from the first daemon are within configured thresholds. So if you already flag the spam using less resource-intensive tests, you can short-circuit the testing at that point. I'd guess it's possible to do this within Declude as well, by defining SPAMC32 a few different times, but just trying to make some stuff a little easier on both sides. . . . --Sandy P.S. This gives me the idea of having different max-size switches for messages with and without image attachments. What do you think, SPAMC32 users? Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] image spam
RulesDeJour is a script for pulling down the non-official SARE rules sets. The sa-update script is used to pull down official SA rule updates (updating the default rule sets that come with SA). Bill - Original Message - From: "Colbeck, Andrew" <[EMAIL PROTECTED]> To: Sent: Thursday, May 04, 2006 2:00 PM Subject: RE: [Declude.JunkMail] image spam For what it's worth, SARE has their own download script (I'm not familiar with the sa-update script Bill mentioned) called RulesDuJour which is a bash shell script: http://www.exit0.us/index.php?pagename=RulesDuJour And that page contains a howto link for us Windows users who are running CygWin: http://www.exit0.us/index.php?pagename=InstallRdjOnCygwin Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Thursday, May 04, 2006 1:50 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] image spam Thanks Bill. I have been using the SARE stock rules but the others I was unaware of - as well as the update script! -Nick Bill Landry wrote: > You might also want to look at using the SARE rules at > http://www.rulesemporium.com/rules.htm, particularly the SARE Stock > rules (70_sare_stocks.cf). Also, a couple of Fred's rule sets at > http://www.rulesemporium.com/other-rules.htm (88_FVGT_rawbody.cf & > 99_FVGT_meta.cf) can be quite helpful, as well. > > If you are running SA 3.1.1, you can also use the sa-update script to > pull down the latest SA rules, which includes additional rules found > in the 80_additional.cf rule set that are very good at tagging these > kinds of image spams. > > And finally, Sniffer seems to successfully tag almost 100% of these > image spams, and Razor tags a majority of them, as well. > > Bill > - Original Message - From: "Nick Hayer" > <[EMAIL PROTECTED]> > To: > Sent: Thursday, May 04, 2006 7:39 AM > Subject: [Declude.JunkMail] image spam > > >> fyi - >> >> I just found these 2 plugins for spamassassin >> http://wiki.apache.org/spamassassin/OcrPlugin >> http://antispam.imp.ch/patches/patch-ocrtext >> >> That will ocr the gifs, etc. These should help SA be even more >> effective within Declude.. >> >> -Nick >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >> "unsubscribe Declude.JunkMail". The archives can be found at >> http://www.mail-archive.com. >> > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] image spam
For what it's worth, SARE has their own download script (I'm not familiar with the sa-update script Bill mentioned) called RulesDuJour which is a bash shell script: http://www.exit0.us/index.php?pagename=RulesDuJour And that page contains a howto link for us Windows users who are running CygWin: http://www.exit0.us/index.php?pagename=InstallRdjOnCygwin Andrew 8) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer > Sent: Thursday, May 04, 2006 1:50 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] image spam > > Thanks Bill. I have been using the SARE stock rules but the > others I was unaware of - as well as the update script! > > -Nick > > > Bill Landry wrote: > > > You might also want to look at using the SARE rules at > > http://www.rulesemporium.com/rules.htm, particularly the SARE Stock > > rules (70_sare_stocks.cf). Also, a couple of Fred's rule sets at > > http://www.rulesemporium.com/other-rules.htm (88_FVGT_rawbody.cf & > > 99_FVGT_meta.cf) can be quite helpful, as well. > > > > If you are running SA 3.1.1, you can also use the sa-update > script to > > pull down the latest SA rules, which includes additional > rules found > > in the 80_additional.cf rule set that are very good at > tagging these > > kinds of image spams. > > > > And finally, Sniffer seems to successfully tag almost 100% of these > > image spams, and Razor tags a majority of them, as well. > > > > Bill > > - Original Message - From: "Nick Hayer" > > <[EMAIL PROTECTED]> > > To: > > Sent: Thursday, May 04, 2006 7:39 AM > > Subject: [Declude.JunkMail] image spam > > > > > >> fyi - > >> > >> I just found these 2 plugins for spamassassin > >> http://wiki.apache.org/spamassassin/OcrPlugin > >> http://antispam.imp.ch/patches/patch-ocrtext > >> > >> That will ocr the gifs, etc. These should help SA be even more > >> effective within Declude.. > >> > >> -Nick > >> --- > >> This E-mail came from the Declude.JunkMail mailing list. To > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > >> "unsubscribe Declude.JunkMail". The archives can be found at > >> http://www.mail-archive.com. > >> > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] image spam
Thanks Bill. I have been using the SARE stock rules but the others I was unaware of - as well as the update script! -Nick Bill Landry wrote: You might also want to look at using the SARE rules at http://www.rulesemporium.com/rules.htm, particularly the SARE Stock rules (70_sare_stocks.cf). Also, a couple of Fred's rule sets at http://www.rulesemporium.com/other-rules.htm (88_FVGT_rawbody.cf & 99_FVGT_meta.cf) can be quite helpful, as well. If you are running SA 3.1.1, you can also use the sa-update script to pull down the latest SA rules, which includes additional rules found in the 80_additional.cf rule set that are very good at tagging these kinds of image spams. And finally, Sniffer seems to successfully tag almost 100% of these image spams, and Razor tags a majority of them, as well. Bill - Original Message - From: "Nick Hayer" <[EMAIL PROTECTED]> To: Sent: Thursday, May 04, 2006 7:39 AM Subject: [Declude.JunkMail] image spam fyi - I just found these 2 plugins for spamassassin http://wiki.apache.org/spamassassin/OcrPlugin http://antispam.imp.ch/patches/patch-ocrtext That will ocr the gifs, etc. These should help SA be even more effective within Declude.. -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] image spam
You might also want to look at using the SARE rules at http://www.rulesemporium.com/rules.htm, particularly the SARE Stock rules (70_sare_stocks.cf). Also, a couple of Fred's rule sets at http://www.rulesemporium.com/other-rules.htm (88_FVGT_rawbody.cf & 99_FVGT_meta.cf) can be quite helpful, as well. If you are running SA 3.1.1, you can also use the sa-update script to pull down the latest SA rules, which includes additional rules found in the 80_additional.cf rule set that are very good at tagging these kinds of image spams. And finally, Sniffer seems to successfully tag almost 100% of these image spams, and Razor tags a majority of them, as well. Bill - Original Message - From: "Nick Hayer" <[EMAIL PROTECTED]> To: Sent: Thursday, May 04, 2006 7:39 AM Subject: [Declude.JunkMail] image spam fyi - I just found these 2 plugins for spamassassin http://wiki.apache.org/spamassassin/OcrPlugin http://antispam.imp.ch/patches/patch-ocrtext That will ocr the gifs, etc. These should help SA be even more effective within Declude.. -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] image spam
fyi - I just found these 2 plugins for spamassassin http://wiki.apache.org/spamassassin/OcrPlugin http://antispam.imp.ch/patches/patch-ocrtext That will ocr the gifs, etc. These should help SA be even more effective within Declude.. -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
