subject:"png images"

Re: png images

2010-07-17 Thread Jari Fredriksson

On 17.7.2010 2:28, Peter Lowish wrote:
> Perfect - thank you so much
> 
> P
> 

Note, that the L_PAYLOAD_CTYPE_PNG rule has no descriuption and score,
my code was wrong, the code describes and scores HTML-version again.

This error was in my actual script... I just noticed it myself.

Also the ifplugin endif is missing, it is in the end of the previous line.

> -Original Message-
> From: Jari Fredriksson [mailto:ja...@iki.fi] 
> Sent: Saturday, 17 July 2010 4:09 a.m.
> To: users@spamassassin.apache.org
> Subject: Re: png images
> 
> On 16.7.2010 4:04, Peter Lowish wrote:
>> I am wondering if someone has a rule to deal with the current spam 
>> being sent with just a small png attachment the name of which changes
>>
>>  
>>
>> There is no text in the email, just the attachment - the subject line 
>> is always different
>>
>>  
>>
> 
> header __CTYPE_MULTIPART_ANY Content-Type =~ /multipart\/\w/i
> ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
> mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
> meta L_MIME_NO_TEXT (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH)
> scoreL_MIME_NO_TEXT 5.00
> describe L_MIME_NO_TEXT No text body parts endif
> 
> header   L_PAYLOAD_CTYPE_RTF  Content-Type =~ /\bname=".+\.rtf"/i
> describe L_PAYLOAD_CTYPE_RTF  Payload is an RTF document, no text part
> scoreL_PAYLOAD_CTYPE_RTF  5.0
> 
> header   L_PAYLOAD_CTYPE_HTML  Content-Type =~ /\bname=".+\.html"/i
> describe L_PAYLOAD_CTYPE_HTML  Payload is an HTML document, no text part
> scoreL_PAYLOAD_CTYPE_HTML  5.0
> 
> header   L_PAYLOAD_CTYPE_PNG  Content-Type =~ /\bname=".+\.png"/i
> describe L_PAYLOAD_CTYPE_HTML  Payload is a PNG image, no text part
> scoreL_PAYLOAD_CTYPE_HTML  5.0
> 
> 
> 
> 
> 
> --
> http://www.iki.fi/jarif/
> I use PGP. If there is an incompatibility problem with your mail client,
> please contact me.
> 
> Q:What do you call a half-dozen Indians with Asian flu?
> A:Six sick Sikhs (sic).
> 
> 


-- 
http://www.iki.fi/jarif/
I use PGP. If there is an incompatibility problem with your mail
client, please contact me.

You feel a whole lot more like you do now than you did when you used to.



signature.asc
Description: OpenPGP digital signature

Re: png images

2010-07-16 Thread Jari Fredriksson

On 16.7.2010 4:04, Peter Lowish wrote:
> I am wondering if someone has a rule to deal with the current spam being
> sent with just a small png attachment the name of which changes
> 
>  
> 
> There is no text in the email, just the attachment – the subject line is
> always different
> 
>  
> 

header __CTYPE_MULTIPART_ANY Content-Type =~ /multipart\/\w/i
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
meta L_MIME_NO_TEXT (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH)
scoreL_MIME_NO_TEXT 5.00
describe L_MIME_NO_TEXT No text body parts
endif

header   L_PAYLOAD_CTYPE_RTF  Content-Type =~ /\bname=".+\.rtf"/i
describe L_PAYLOAD_CTYPE_RTF  Payload is an RTF document, no text part
scoreL_PAYLOAD_CTYPE_RTF  5.0

header   L_PAYLOAD_CTYPE_HTML  Content-Type =~ /\bname=".+\.html"/i
describe L_PAYLOAD_CTYPE_HTML  Payload is an HTML document, no text part
scoreL_PAYLOAD_CTYPE_HTML  5.0

header   L_PAYLOAD_CTYPE_PNG  Content-Type =~ /\bname=".+\.png"/i
describe L_PAYLOAD_CTYPE_HTML  Payload is a PNG image, no text part
scoreL_PAYLOAD_CTYPE_HTML  5.0





-- 
http://www.iki.fi/jarif/
I use PGP. If there is an incompatibility problem with your mail
client, please contact me.

Q:  What do you call a half-dozen Indians with Asian flu?
A:  Six sick Sikhs (sic).



signature.asc
Description: OpenPGP digital signature

Re: png images

2010-07-15 Thread Michael Scheidell


and that ip is listed on 12 blacklists.  my point exactly.
you wanted to know how to block them? use the blacklists.


On 7/15/10 9:14 PM, Peter Lowish wrote:

 From my mailwatch report

186.4.15.18 (Reverse Lookup Failed) (GeoIP Lookup Failed)   
ID: 1OYnOW-00019S-8I
Message Headers:Received: from [186.4.15.18] (helo=ford.rzbgq.com)
  by host.webone.co.nz with smtp (Exim 4.69)
  (envelope-from)
  id 1OYnOW-00019S-8I
  for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200
Message-ID:
Date: Tue, 13 Jul 2010 15:52:06 -0600
From: Muncil Burnash
MIME-Version: 1.0
To: Mintor Bukowiecki
Subject: O young man, to-day, in the same position, should be
Content-Type: multipart/mixed;
boundary="5D3989FFQhaNktULeDGfQ2a4avs"
From:   
pers...@vivotech.com
To: cr...@web1.co.nz
Subject:O young man, to-day, in the same position, should be
Size:   29.1Kb

-

Here is the email header

Return-path:
Envelope-to: cr...@web1.co.nz
Delivery-date: Wed, 14 Jul 2010 09:52:08 +1200
Received: from [186.4.15.18] (helo=ford.rzbgq.com)
by host.webone.co.nz with smtp (Exim 4.69)
(envelope-from)
id 1OYnOW-00019S-8I
for cr...@web1.co.nz; Wed, 14 Jul 2010 09:52:07 +1200
Message-ID:
Date: Tue, 13 Jul 2010 15:52:06 -0600
From: Muncil Burnash
MIME-Version: 1.0
To: Mintor Bukowiecki
Subject: O young man, to-day, in the same position, should be
Content-Type: multipart/mixed;
  boundary="5D3989FFQhaNktULeDGfQ2a4avs"
X-webone-MailScanner-Information: Please contact the ISP for more
information
X-webone-MailScanner-ID: 1OYnOW-00019S-8I
X-webone-MailScanner: Found to be clean
X-webone-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=1.47, required 5, DCC_CHECK 1.37, RDNS_NONE 0.10)
X-webone-MailScanner-SpamScore: s
X-webone-MailScanner-From: pers...@vivotech.com
X-EsetId: C30D4C20C48D2634974D

-Original Message-
From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Friday, 16 July 2010 1:07 p.m.
To: users@spamassassin.apache.org
Subject: Re: png images

On 7/15/10 9:04 PM, Peter Lowish wrote:
   

I am wondering if someone has a rule to deal with the current spam
being sent with just a small png attachment the name of which changes

There is no text in the email, just the attachment - the subject line
is always different

 

reputation lists, rbl's, most of that? isn't it coming from zombie
dialups anyway?

   

Thanks
Peter

 


   


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008


__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

__

Re: png images

2010-07-15 Thread Michael Scheidell


On 7/15/10 9:04 PM, Peter Lowish wrote:


I am wondering if someone has a rule to deal with the current spam 
being sent with just a small png attachment the name of which changes


There is no text in the email, just the attachment – the subject line 
is always different


reputation lists, rbl's, most of that? isn't it coming from zombie 
dialups anyway?



Thanks
Peter




--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008

__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
__

png images

2010-07-15 Thread Peter Lowish

I am wondering if someone has a rule to deal with the current spam being
sent with just a small png attachment the name of which changes

 

There is no text in the email, just the attachment - the subject line is
always different

 

Thanks
Peter

Re: png images

Re: png images

Re: png images

Re: png images

png images

5 matches

Site Navigation

Mail list logo

Footer information