Re: Bitcoin ransom mail

2019-12-10 Thread Giovanni Bechis
On 12/11/19 6:21 AM, KADAM, SIDDHESH wrote:
> Hi PFA...
> 
> On 12/11/2019 12:36 AM, Giovanni Bechis wrote:
>> On 12/10/19 7:49 PM, Michael Storz wrote:
>> [...]
>>> My copy hit
>>>
>>> BODY_SINGLE_WORD=1.347, HTML_IMAGE_ONLY_04=1.172, MPART_ALT_DIFF=0.79
>>>
>>> not enough to mark it as spammy.
>
FuzzyOcr + bayes is killing this kind of email for me:

 5.0 FUZZY_OCR  BODY: Mail contains an image with common spam text inside
[Words found:]
["cialis" in 2 lines]
[(2 word occurrences found)]

   Giovanni



Re: SA memory (Re: ".*" in body rules)

2019-12-10 Thread RW


> hmmm, the machine has 4G of RAM and SA now takes 4.5. 
> The check runs out of time but produces ~450K debug file.
> 
> This is where it hangs:
> 
> Dec 10 17:43:51.727 [9721] dbg: bayes: tokenized header: 211 tokens

What are the full counts if you put it through 'grep tokenized'?




Re: Bitcoin ransom mail

2019-12-10 Thread Giovanni Bechis
On 12/10/19 7:49 PM, Michael Storz wrote:
[...]
> My copy hit
> 
> BODY_SINGLE_WORD=1.347, HTML_IMAGE_ONLY_04=1.172, MPART_ALT_DIFF=0.79
> 
> not enough to mark it as spammy.
> 
>
could you share a spample (as a pastebin uri or in private) ?

 Giovanni


Re: Bitcoin ransom mail

2019-12-10 Thread Michael Storz

On 2019-12-10 19:03, Joseph Brennan wrote:

> A user here reported a new twist on the bitcoin ransom mail. New to
> me, anyway.
>
> From: Casper Mitten
> Sent: Monday, December 9, 2019 10:00 PM
>
> The Subject was a single word, supposedly a password.
>
> The message was a jpg picture of text.
> Although it was in English, many vowels were accented special
> characters.
> The recipient was expected to scan a QR code in the picture to get the
> bitcoin string!
>
> I'm sending this purely for information. The user's report (as usual)
> does not include headers so I don't know what scored. It must have hit
> a rule for a message with no text and an image. There isn't much else
> there.
>
> --
>
> Joseph Brennan
> Lead, Email and Systems Applications



My copy hit

BODY_SINGLE_WORD=1.347, HTML_IMAGE_ONLY_04=1.172, MPART_ALT_DIFF=0.79

not enough to mark it as spammy.

Michael


Bitcoin ransom mail

2019-12-10 Thread Joseph Brennan
A user here reported a new twist on the bitcoin ransom mail. New to me,
anyway.

From: Casper Mitten 
Sent: Monday, December 9, 2019 10:00 PM

The Subject was a single word, supposedly a password.
The message was a jpg picture of text.
Although it was in English, many vowels were accented special characters.
The recipient was expected to scan a QR code in the picture to get the
bitcoin string!

I'm sending this purely for information. The user's report (as usual) does
not include headers so I don't know what scored. It must have hit a rule
for a message with no text and an image. There isn't much else there.


-- 
Joseph Brennan
Lead, Email and Systems Applications


Re: SA memory (Re: ".*" in body rules)

2019-12-10 Thread Matus UHLAR - fantomas

On Mon, Dec 09, 2019 at 10:54:00AM +0100, Matus UHLAR - fantomas wrote:

I'm afraid I can't provide clients' file.

I can only repeat:
- the mail is 20424329 bytes
- the mail contains single uuencoded .rar file inline.

-rw-rw-rw- 1 root root 14818832 Dec  9 10:50 'redacted.rar'

I have tried to run it again, it took about 20 minutes to scan and memory
usage slowly increased up to:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 1924 amavis    20   0 3916332   2.8g   1468 D   1.0  72.2   3:08.08 spamassassin

note the "amavis" is the spamassassin command line client running under
amavis user to use amavis' bayes database:

amavis    1924 24.8 72.9 3916332 2923964 ?  D  10:23   3:08 /usr/bin/perl -T -w /usr/bin/spamassassin -x

-rw------- 1 amavis amavis 10584064 Dec  9 10:45 bayes_seen
-rw------- 1 amavis amavis 10760192 Dec  9 10:45 bayes_toks

I have tried to attach the process using strace, after a while it produced
output (only 2 rules hit), and exited.  I hope this didn't cause premature
exit of the SA client.


On 09.12.19 12:07, Henrik K wrote:

And what does running spamassassin debug directly from command line output?
Where does it hang?

spamassassin -t -D < message >/dev/null


hmmm, the machine has 4G of RAM and SA now takes 4.5. 
The check runs out of time but produces ~450K debug file.


This is where it hangs:

Dec 10 17:43:51.727 [9721] dbg: bayes: tokenized header: 211 tokens
Dec 10 17:50:16.111 [9721] info: check: exceeded time limit in Mail::SpamAssassin::Plugin::Check::_eval_tests_type11_prineg90_set3, skipping further tests

I guess it's just the slowness of bayes checking (haven't tried redis)

but it still doesn't explain why it takes that much RAM, does it?

I can try on machine with more RAM, hopefully it'll help.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.


Re: txrep duplicated key with postgresql

2019-12-10 Thread Benny Pedersen

On 2019-12-09 22:52, Daniel J. Luke wrote:

I uploaded a patch for postgresql on
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7218 a while ago -
but I haven't had time to clean it up into something that should be
included into a release.


added this patch, seems to solve it


It might serve as inspiration for someone else before I end up having
time to get to it, though.


indeed

now i just have to figure out why spamd gives different results for dkim 
when fuglu runs in postfix prequeue setup, maybe mimedefang just works :/


hope for more begin using fuglu then thinks about better names for 
mimedefang with less wiki docs