Bill Landry wrote:
The SaneSecurity sigs have successfully tagged every PDF spam that has
come my way. If you find any that are not tagged, forward them (with
headers) to the developer and he will add the signatures (he releases
updates several times a day).
I've already been talking to
Subject: Re: So what about rulesemporium.com and these anti-PDF rules?
Hi!
All in all, you're better off just making things public.
model in the antivirus/antispam arena...
...and it may be true - but no-one on this list believes it ;-)
Its a matter of fact that published rules
Henrik Krohns writes:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at least one non-spammy-looking email
address at his disposal.
What's to spot him/her from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason schrieb:
Henrik Krohns writes:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at least one non-spammy-looking
Robert Schetterer schrieb:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason schrieb:
Henrik Krohns writes:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at
Matthias Haegele wrote:
http://sanesecurity.co.uk/ is working nice if youre in pressure
with pdf spam
Using this a few weeks too, had no FPs so far ...
No FPs, but also highly ineffective against the PDF-spam. In my
experience.
/Per Jessen, Zürich
Henrik Krohns wrote:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at least one non-spammy-looking email
address at his disposal.
What's to spot him/her from asking
For what it's worth, a solution to any new flood or tactic is most
welcome IMO. In Dallas' defense here... Just as it takes time for the
spammers to develop and adapt new tactics, so too does it take time to
create counter-measures. The counter measures are often a work in
progress until there
You didn't miss anything. I don't believe they are released yet. FInal
testing being done. Results look great. I'll see if they can get released
soon.
--Chris
-Original Message-
From: Michal Jeczalik [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 9:47 AM
To:
Chris Santerre wrote:
You didn't miss anything. I don't believe they are released yet. FInal
testing being done. Results look great. I'll see if they can get
released soon.
--Chris
-Original Message-
From: Michal Jeczalik [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007
On Tue, Jul 03, 2007 at 11:35:01AM -0500, Dallas Engelken wrote:
The mechanism used for accurate detection in the PDFInfo plugin is not
going to be a part of this.. and I'd recommend you request the plugin
and use it privately. If the information gets publicized, that method
would soon
Theo Van Dinter wrote:
All in all, you're better off just making things public.
I agree. It's sort of like saying that Open Source cannot work as a
model in the antivirus/antispam arena...
...and it may be true - but no-one on this list believes it ;-)
--
Cheers
Jason Haar
Information
On Tue, 3 Jul 2007, Dallas Engelken wrote:
The PDFInfo.pm and accompanying ruleset will not be public. If you want it,
please go to
http://www.rulesemporium.com/plugins.htm#pdfinfo and request it.
Despite of my opinion about security-by-obscurity approach, I still
experience major
Hi!
All in all, you're better off just making things public.
model in the antivirus/antispam arena...
...and it may be true - but no-one on this list believes it ;-)
Its a matter of fact that published rules (see sare rulesets) become less
effective immediate after publishing. That due
Jason Haar wrote:
Theo Van Dinter wrote:
All in all, you're better off just making things public.
I agree. It's sort of like saying that Open Source cannot work as a
model in the antivirus/antispam arena...
It can, if you have the people willing to contribute new dats on every
:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 4:10 PM
To: Jason Haar
Cc: users@spamassassin.apache.org
Subject: Re: So what about rulesemporium.com and these anti-PDF rules?
Hi!
All in all, you're better off just making things public.
model in the antivirus/antispam arena...
...and it may
On Tue, Jul 03, 2007 at 07:16:19PM -0500, Dallas Engelken wrote:
... we have to release a new plugin, and a new
ruleset. Its not like we just release a new ruleset, someone runs
RDJ/sa-update and they are off.There is no way to auto-update the
plugin (currently) besides to announce it
Despite of my opinion about security-by-obscurity approach, I still
experience major connection problems with that site. By now it seems that
it does not resolve it's hostname to me at all. At least from my subnet,
which is unfortunately one of those polish-spam 83.x subnets, that are
I for one agree with the protected model.
I've read post after post in this group and others where people complain
that some new method is no longer effective due to the other guys
knowing our every step.
If there were an application process, which would be too burdensome on
the
19 matches
Mail list logo