malware campaign: javascript in ".tgz"

2016-04-21 Thread Chip M.
Starting about two hours ago, about 40% of my real-time honeypot spam is a new malware campaign. About a third are hitting "BAYES_00", with about 10% of all having negative SA scores. :( Full spample (with munged email addresses): http://puffin.net/software/spam/samples/0040_mal_tgz.txt T

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Alex
Hi Chip, On Thu, Apr 21, 2016 at 9:33 AM, Chip M. wrote: > Starting about two hours ago, about 40% of my real-time > honeypot spam is a new malware campaign. About a third are > hitting "BAYES_00", with about 10% of all having negative SA > scores. :( > > Full spample (with munged email addresse

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Kevin Golding
On Thu, 21 Apr 2016 14:33:01 +0100, Chip M. wrote: Starting about two hours ago, about 40% of my real-time honeypot spam is a new malware campaign. About a third are hitting "BAYES_00", with about 10% of all having negative SA scores. :( I've just checked 4 that score between 10.1 and 14.9

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Dianne Skoll
Hi, Yes, we are seeing tons of these. We look inside various archive files for filenames and we quarantine .js files by default, so we didn't suffer any 0-day problems, and now I see that Sanesecurity is picking most of these up. Regards, Dianne.

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread RW
On Thu, 21 Apr 2016 08:33:01 -0500 Chip M. wrote: > Starting about two hours ago, about 40% of my real-time > honeypot spam is a new malware campaign. About a third are > hitting "BAYES_00", with about 10% of all having negative SA > scores. :( > > Full spample (with munged email addresses): >

Reporting [Was: Disabling spamcop plugin]

2016-04-21 Thread Ian Zimmerman
On 2016-04-07 13:55 -0700, Ian Zimmerman wrote: > sa-learn doesn't do any reporting, right? [snip snip] > By the way, manpage for spamc says: > >-C report type, --reporttype=type >Report or revoke a message to one of the configured >collaborative filtering databa

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Reindl Harald
On 21.04.2016 at 17:07 RW wrote: On Thu, 21 Apr 2016 08:33:01 -0500 Chip M. wrote: Starting about two hours ago, about 40% of my real-time honeypot spam is a new malware campaign. About a third are hitting "BAYES_00", with about 10% of all having negative SA scores. :( Full spample (with

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Dave Funk
On Thu, 21 Apr 2016, Reindl Harald wrote: [snip..] Content-Type: application/octet-stream; name="0005500922.tgz" I wonder how common octet-stream is with legitimate .tgz files sadly you need to expect "application/octet-stream" for nearly any filetype, learned the hard way by doing mim

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Reindl Harald
On 21.04.2016 at 18:30 Dave Funk wrote: On Thu, 21 Apr 2016, Reindl Harald wrote: [snip..] Content-Type: application/octet-stream; name="0005500922.tgz" I wonder how common octet-stream is with legitimate .tgz files sadly you need to expect "application/octet-stream" for nearly any f

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Martin Gregorie
On Thu, 2016-04-21 at 16:07 +0100, RW wrote: > On Thu, 21 Apr 2016 08:33:01 -0500 > Chip M. wrote: > > > > > Starting about two hours ago, about 40% of my real-time > > honeypot spam is a new malware campaign.  About a third are > > hitting "BAYES_00", with about 10% of all having negative SA > >

Re: Anyone else just blocking the ".top" TLD?

2016-04-21 Thread Vincent Fox
Resurrecting thread. Recently seeing an increase in spam from these gTLDs: pro, bid, trade. I'm adding them to my reject list; do with this information what you will. -hth