Re: fired rules count ..rule

2012-03-02 Thread Martin Gregorie
On Fri, 2012-03-02 at 00:52 +0100, Amedeo Rinaldo wrote: (sorry for this 'thread up') -- -- I wrote.. ..[cut].. And now the real answer to you Martin.. I cannot write tons of meta __FLAG_X (!THIS_RULE !THIS_OTHER_RULE ..) I need some sort of match like if AllFiredRules in

Re: matching charset

2012-03-02 Thread Martin Gregorie
On Fri, 2012-03-02 at 08:13 +0200, Tom Kinghorn wrote: morning list Please could you advise as to how I would match this charset (iso-8859-1) Are you using the MimeMagic plugin? IIRC you need it to test MIME headers. Martin

Re: matching charset

2012-03-02 Thread Kevin A. McGrail
On 3/2/2012 1:13 AM, Tom Kinghorn wrote: morning list Please could you advise as to how I would match this charset (iso-8859-1) I would like to include it as part of a meta-test for phishing however, my attempts have failed. Hi Tom, A - The charset in the second half isn't a header. It's

Re: matching charset

2012-03-02 Thread Tom Kinghorn
On 02/03/2012 14:21, Kevin A. McGrail wrote: On 3/2/2012 1:13 AM, Tom Kinghorn wrote: morning list 9 1 is essentially the Western charset. I don't think you'll find it indicative of much spam or ham. regards, KAM Thanks to all who have replied. I am going to add the charset as part of a

uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Benny Pedersen
just a note to whom it might concern :)

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Michael Scheidell
On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Jeremy McSpadden
Ha. Nice -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *|

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Simon Loewenthal
It was a last minute decision. Jeremy McSpadden jer...@fluxlabs.net wrote: Ha. Nice -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH.

Re: uribl lastminute.com listed in uribl white and is now used for nordea phishing mails

2012-03-02 Thread Benny Pedersen
On 2012-03-02 17:40, Jeremy McSpadden wrote: Ha. Nice be nice to an old man -- Jeremy McSpadden On Mar 2, 2012, at 10:38 AM, Michael Scheidell michael.scheid...@secnap.com wrote: On 3/2/12 11:36 AM, Benny Pedersen wrote: just a note to whom it might concern :) phisting? OUCH. --

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails

2012-03-02 Thread Axb
On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why not pastebin a sample?

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Benny Pedersen
On 2012-03-02 17:50, Axb wrote: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why not pastebin a sample? February had 29 days this year? It's being resolved, sorry for the noise

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Jeremy McSpadden
Leap Year -- Jeremy McSpadden On Mar 2, 2012, at 11:11 AM, Benny Pedersen m...@junc.org wrote: On 2012-03-02 17:50, Axb wrote: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why not pastebin a sample? February had 29 days this year? It's being

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

2012-03-02 Thread Benny Pedersen
On 2012-03-02 18:15, Jeremy McSpadden wrote: Leap Year sure ? # # Copyright 2012 Nordea # body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA && !SPF_PASS) describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA !SPF_PASS score PHISHMAIL_NORDEA 3.0 if

Spam from Moniker Privacy Services.

2012-03-02 Thread Frank Chan
I'm getting a bunch of spam from Moniker Privacy Services and other domain privacy services but they seem to host their smtp servers everywhere in the world (mostly in the US) and below are some examples of what I got when I did a whois on some of the domains: a-trigano.com 66.197.198.131 OrgName:

Re: Spamassassin detect my mails as spam

2012-03-02 Thread RW
On Thu, 1 Mar 2012 16:18:56 +0100 Michelle Konzack wrote: Hello RW, On 2012-02-25 22:42:47, you hacked down the following: I think that this is pretty conclusive that it's nothing to do with Spamassassin. It doesn't look anything like what I'd expect for a Spamassassin-based

Re: Spam from Moniker Privacy Services.

2012-03-02 Thread Frank Chan
Here are some samples of this spam in pastebin: http://pastebin.com/djidF7dg http://pastebin.com/DQan00ve http://pastebin.com/1PizAzMv http://pastebin.com/Hd6vVpYi Thank you, Frank On 02-03-2012 14:31, Jeremy McSpadden wrote: Pastebin some emails + headers -- Jeremy McSpadden Flux Labs, Inc

Re: fired rules count ..rule

2012-03-02 Thread Amedeo Rinaldo
On 02/03/2012 12:13, Martin Gregorie wrote: On Fri, 2012-03-02 at 00:52 +0100, Amedeo Rinaldo wrote: ..[cut].. I cannot write tons of meta __FLAG_X (!THIS_RULE !THIS_OTHER_RULE ..) I need some sort of match like if AllFiredRules in (RuleA, RuleB, RuleC, ...) - raise __FLAG_Y. And some