[sniffer] Re: Spam
Pete: It appears that you guys have it corraled for now. The rate of leakage has dropped again. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, May 13, 2007 3:51 PM To: Message Sniffer Community Subject: [sniffer] Re: Spam Hello Chuck, We are working on a sequence of very aggressive campaigns that started today. They started about 8 hours ago and haven't stopped. We are catching up though. Looks like the blackhats decided to start the week early. _M Sunday, May 13, 2007, 1:05:45 PM, you wrote: We are seeing a lot of spam getting through. running updates but does not seem to be stopping it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Lots of drug spam getting through
We are seeing tons of spam coming through with the subject Re: new ... and advertising drugs. Any luck on stopping this? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Lot of stock spam getting through....
We are seeing a lot of stock spam that is only a picture image getting through sniffer. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
Re: [sniffer]Sniffer updates down?
John: We are able to download updates fine. Could be some routing issues. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, June 02, 2006 3:23 PM To: Message Sniffer Community Subject: [sniffer]Sniffer updates down? I am getting errors since late last night that host can not be found. John T eServices For You Seek, and ye shall find! # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Lot of Drugs Spam getting through sniffer....
The last few days tons on Drus spam is coming in and sniffer is catching none of it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] What do these metrics mean?
Running sniffer in persistent mode I have a file ending in persistent.stat that contains the following: TicToc: 1141720044 Loop: 463 Poll: 712 Jobs: 239565 Secs: 1080801 Msg/Min: 13.2993 Current-Load: 14.7287 Average-Load: 15.7907 I can guess what most of these mean put I would just like to be sure. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] lots of investment spam not being caught by sniffer...
Hopefully the rulebase is being updated but we are getting slammed by this stuff. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Large amounts of spam still getting through
Pete: Thanks. I am just frustrated by the continued spam growth. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, October 14, 2005 9:08 AM To: Chuck Schick Subject: Re: [sniffer] Large amounts of spam still getting through On Friday, October 14, 2005, 10:59:05 AM, Chuck wrote: CS We are seeing a lot of the drug spam getting through. Anyway that CS sniffer could start catching these. And yes I am forwarding them CS all. There are a number of new campaigns launched today with some heavy bandwidth behind them. We have rules in place for most (if not all) of the new stuff, however there is a delay before these rules might get to you - during that window some of these will get through. Over the past few months we have increased the rate at which we send out updates - nearly cutting the time in half. Updates are now sent every 180 minutes or so. We are also working on the next version which will allow for nearly instantaneous updates. In the mean time we will continue to work on speeding things up as much as we can. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Spam keeps getting through...
Sniffer is not catching a wave of spam (drug offers) this has been going on for over a week and I have been forwarding examples. Is there anything that can be done? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Contact information...
Pete: Could you post where to send notifications like false positives. I had that info but I seem to have misplaced it. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Spam blocks loading me up with spam
We have been seeing these. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Thursday, June 16, 2005 4:04 PM To: sniffer@SortMonster.com Subject: [sniffer] Spam blocks loading me up with spam Am I the only one getting blasted by these spam from these IP blocks? Sniffer seems a little behind on catching these. 200.49.48.0/24 200.49.48.0/24 200.49.49.0/24 200.49.49.0/24 mowz2.com 200.49.50.0/24 200.49.50.0/24 qckcstmr.com 200.49.51.0/24 200.49.51.0/24 srvdupfrsh.com 200.49.52.0/24 200.49.52.0/24 aahtv.com 200.49.53.0/24 200.49.53.0/24 aakai.com 200.49.54.0/24 200.49.54.0/24 aakib.com 200.49.55.0/24 200.49.55.0/24 aakli.com 200.49.56.0/24 200.49.56.0/24 aafix.com 200.49.57.0/24 200.49.57.0/24 e.com 200.49.58.0/24 200.49.58.0/24 200.49.59.0/24 200.49.59.0/24 Domain names and links seem to be five chars beginning with aa. They also seem to be progressing through the IP blocks. i think they started in on the June 15th and have been spamming pretty consistantly. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False Positives.
I am all of a sudden having all of the mail from one of our hosted domains fail the sniffer-phishing. The domain is srinternational.com - could you please check on this. All of the emails are different - just from the same domain. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] A lot of Porn Spam getting through.
I have been. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, February 02, 2005 2:01 PM To: Chuck Schick Subject: Re: [sniffer] A lot of Porn Spam getting through. On Wednesday, February 2, 2005, 3:09:27 PM, Chuck wrote: CS Anyone else seeing this? Be sure to submit them. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Sortmonster updates are down.
Pete: No problem. just wanted you to be aware there was an issue. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, January 30, 2005 1:32 AM To: Chuck Schick Subject: Re: [sniffer] Sortmonster updates are down. On Sunday, January 30, 2005, 1:52:34 AM, Chuck wrote: CS Just tried routing through 2 other backbones. The updates are not CS responding. Sorry for the trouble. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] cannot connect to updates.
Unable to connect to sortmonster for updates. Please let me know if it is us or is something wrong. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Sortmonster updates are down.
Just tried routing through 2 other backbones. The updates are not responding. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Sniffer seems to be causing false positives.
Pete: Thanks for looking. It was very strange because it was such varied messages from general correspondence, quotes. and personal correspondence. I put a little negative weight in for statefarm.com which should keep it from getting caught. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, January 19, 2005 7:05 PM To: Pete McNeil Subject: Re[2]: [sniffer] Sniffer seems to be causing false positives. On Wednesday, January 19, 2005, 9:02:02 PM, Pete wrote: PM On Wednesday, January 19, 2005, 8:00:41 PM, Chuck wrote: CS It appears that emails from statefarm.com are all being failed by CS SNIFFER-OBFUSCATION code 61. It appears from multiple senders and CS to multiple recipient domains. Any thoughts?? PM I will check though I doubt seriously that we would create this kind PM of rule - - a show of hands says we all recognize statefarm. Most PM likely this is an IP rule that got picked up by a robot, or perhaps PM something incidental. PM Please be sure to post a false positive report and if you can PM identify the rule in your log files then you can add the ID as a PM rule panic in your .cfg to alleviate the problem immediately while PM we take the time to understand things further. Just to follow up --- there are no rules that contain statefarm - so we must be looking for something incidental. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Sniffer Notifications now failing declude spamheaders test
Title: Message It appears that all mail is failing spamheaders. You should quit using the spam headers test until declude fixes the bug. Discussion of this is on the declude lits. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim MatuskaSent: Monday, January 03, 2005 9:02 AMTo: sniffer@SortMonster.comSubject: [sniffer] Sniffer Notifications now failing declude spamheaders test Has anything changed recently in the format of the sniffer notification messages? I am noticing all the notifications for the last few days have been failing decludes spamheaders test, this hasn't happened before. Jim Matuska Jr.Computer Tech2, CCNANez Perce TribeInformation Systems[EMAIL PROTECTED]
RE: [sniffer] Excess spam over the weekend
Jim: We saw just the opposite. The amount of Spam appeared to be down over the holiday weekend. We saw less total volume and less spam in the spam traps. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Sent: Monday, December 27, 2004 8:24 AM To: sniffer@SortMonster.com Subject: [sniffer] Excess spam over the weekend Is anyone else seeing a huge flood of spam over the weekend? I have received a ton of it since Friday, a lot of it is not being picked up by sniffer either. Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Downloads are slow...
Pete: It appears on weekends the sniffer downloads are really slow. I am downloading at 14 minutes past the hour and I am about 1/20 th of the normal speed. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Download server is really slow..
Pete: It is Sunday night at 10 minutes after the hour and the download server is still very slow - so I am not too sure there is just a run on the server. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 15, 2004 7:00 PM To: Greg Wanner Subject: Re[2]: [sniffer] Download server is really slow.. According to the logs there was a run on the server at this time... apparently quite a few servers downloading at the top of the hour - all competing. If you use a scheduled task for getting your rulebase files, please stagger your download schedule according to the chart here: http://www.sortmonster.com/MessageSniffer/Help/LogsHelp.html#When The chart is based on the first letter of your license ID. Scheduling updates at these times will ensure that we don't have a pile-up where everyone gets to the server at the top of the hour or some other common time. Folks who are triggering updates based on our update notifications are already making the most efficient use of resources because our rulebase compiler system schedules updates in a nice even flow. Hope this helps, Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Download server is really slow..
Anyone else having that problem? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Recent SPAM
Yes, I have seen three pieces of spam over and over again - two for drugs and one porn. I am running the latest version, rules are up to date, no on the log files, I am forwarding the emails to [EMAIL PROTECTED] I was thinking about raising this issue so I am glad someone else is seeing the same thing. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Lewis-Waller Sent: Tuesday, November 30, 2004 10:11 AM To: [EMAIL PROTECTED] Subject: [sniffer] Recent SPAM Has anyone else seen a massive increase in SPAM not being caught by Messgae Sniffer recently? On a personal level I'm now seeing around 20-30 undetected junk emails per day whereas a couple of weeks ago it was of the order 2-5 emails a day. Sorry, I have have any quantitive figures at the moment. Regards, David This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
