Theo Van Dinter wrote:
> It's already been mentioned, but mimeheader is the right way to look
> at the headers of MIME parts.
Charles Gregory wrote:
> Look more closely at my rule. It is checking for TWO headers,
> one after the other (separated by \n), identifying a gif with no name.
>
>>> full /
On Sun, 26 Apr 2009, Theo Van Dinter wrote:
It's already been mentioned, but mimeheader is the right way to look
at the headers of MIME parts.
Look more closely at my rule. It is checking for TWO headers,
one after the other (separated by \n), identifying a gif with no name.
full /Content-Typ
On Mon, 2009-04-27 at 12:16 +0200, Andy Spiegl wrote:
> > It's already been mentioned, but mimeheader is the right way to look
> > at the headers of MIME parts.
>
> How about multiline Content-Types?
They appear to be wrapped.
$ grep -A 1 image/ dsl.png.msg
Content-Type: image/png;
n
> > While you are at it, you can also scan for
> > full /Content-Type: image\/gif;\n[^a-z]+name=""/
> It's already been mentioned, but mimeheader is the right way to look
> at the headers of MIME parts.
How about multiline Content-Types?
I tried without success:
mimeheader NAMELESSGIF_ATTACHME
On Sun, Apr 26, 2009 at 04:11:10PM -0400, Dan Mahoney, System Admin wrote:
> On Sat, 25 Apr 2009, John Hardin wrote:
>
>> On Sat, 25 Apr 2009, Gary Forrest wrote:
>>
>>> We are receiving the same image spam many times, random text within
>>> the body.
>>
>> FuzzyOCR. It seems Spammers are trying i
On Sat, 25 Apr 2009, John Hardin wrote:
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up on
it for a year or so.
Is there a version of FuzzyOCR th
It's already been mentioned, but mimeheader is the right way to look
at the headers of MIME parts.
The rule of thumb is "if you are using 'full' you're probably doing it
wrong". :)
On Sun, Apr 26, 2009 at 11:57 AM, Charles Gregory wrote:
> On Sat, 25 Apr 2009, Gary Forrest wrote:
>>
>> We are r
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body. The only common thing is a image attachment, with the filename in
the following format
DSL1234.png
I have made the following ' RAWBODY ' rule
/dsl[0-9]{4}\.png/i
You need to
On Sat, 25 Apr 2009 16:10:41 -0500
Igor Chudov wrote:
> On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
> > On Sat, 25 Apr 2009, Gary Forrest wrote:
> > FuzzyOCR. It seems Spammers are trying image spam again, after
> > giving up on it for a year or so.
> >
>
> Why did spammers giv
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
> On Sat, 25 Apr 2009, Gary Forrest wrote:
>
>> We are receiving the same image spam many times, random text within the
>> body.
>
> FuzzyOCR. It seems Spammers are trying image spam again, after giving up
> on it for a year or so.
>
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up
on it for a year or so.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
Gary Forrest wrote:
> Hi All
>
> We are receiving the same image spam many times, random text within the
> body.
> The only common thing is a image attachment, with the filename in the
> following format
>
> DSL1234.png
>
> I have made the following ' RAWBODY ' rule
>
> /dsl[0-9]{4}\.png/i
>
Hi All
We are receiving the same image spam many times, random text within the
body.
The only common thing is a image attachment, with the filename in the
following format
DSL1234.png
I have made the following ' RAWBODY ' rule
/dsl[0-9]{4}\.png/i
This rule works if the text appears in th
13 matches
Mail list logo
