Bill Landry wrote:
> The SaneSecurity sigs have successfully tagged every PDF spam that has
> come my way. If you find any that are not tagged, forward them (with
> headers) to the developer and he will add the signatures (he releases
> updates several times a day).
I've already been talking to
Per Jessen wrote the following on 7/4/2007 7:14 AM -0800:
Matthias Haegele wrote:
http://sanesecurity.co.uk/ is working nice if youre in pressure
with pdf spam
Using this a few weeks too, had no FPs so far ...
No FPs, but also highly ineffective against the PDF-spam. In my
ex
For what it's worth, a solution to any new flood or tactic is most
welcome IMO. In Dallas' defense here... Just as it takes time for the
spammers to develop and adapt new tactics, so too does it take time to
create counter-measures. The counter measures are often a work in
progress until there i
Henrik Krohns wrote:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at least one non-spammy-looking email
address at his disposal.
What's to spot him/her from asking Dalla
Matthias Haegele wrote:
>> http://sanesecurity.co.uk/ is working nice if youre in pressure
>> with pdf spam
>
> Using this a few weeks too, had no FPs so far ...
No FPs, but also highly ineffective against the PDF-spam. In my
experience.
/Per Jessen, Zürich
Robert Schetterer schrieb:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason schrieb:
Henrik Krohns writes:
On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
Bear in mind that the spammer who is developing this PDF spam is only one
person, and he/she probably has at least
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason schrieb:
> Henrik Krohns writes:
>> On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
>>> Bear in mind that the spammer who is developing this PDF spam is only one
>>> person, and he/she probably has at least one non-spammy-loo
Henrik Krohns writes:
> On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote:
> >
> > Bear in mind that the spammer who is developing this PDF spam is only one
> > person, and he/she probably has at least one non-spammy-looking email
> > address at his disposal.
> >
> > What's to spot hi
oorn [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 03, 2007 4:10 PM
> To: Jason Haar
> Cc: users@spamassassin.apache.org
> Subject: Re: So what about rulesemporium.com and these anti-PDF rules?
>
> Hi!
>
> >> All in all, you're better off just making things publ
>
> I for one agree with the protected model.
>
> I've read post after post in this group and others where people complain
> that some new method is no longer effective due to the "other guys"
> knowing our every step.
>
> If there were an application process, which would be too burdensome on
>
>
> Despite of my opinion about security-by-obscurity approach, I still
> experience major connection problems with that site. By now it seems that
> it does not resolve it's hostname to me at all. At least from my subnet,
> which is unfortunately one of those "polish-spam" 83.x subnets, that are
On Tue, Jul 03, 2007 at 07:16:19PM -0500, Dallas Engelken wrote:
> ... we have to release a new plugin, and a new
> ruleset. Its not like we just release a new ruleset, someone runs
> RDJ/sa-update and they are off.There is no way to auto-update the
> plugin (currently) besides to announce
--
From: Raymond Dijkxhoorn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 4:10 PM
To: Jason Haar
Cc: users@spamassassin.apache.org
Subject: Re: So what about rulesemporium.com and these anti-PDF rules?
Hi!
>> All in all, you're better off just making things public.
> model
Jason Haar wrote:
Theo Van Dinter wrote:
All in all, you're better off just making things public.
I agree. It's sort of like saying that Open Source cannot work as a
model in the antivirus/antispam arena...
It can, if you have the people willing to contribute new dats on every
Hi!
All in all, you're better off just making things public.
model in the antivirus/antispam arena...
...and it may be true - but no-one on this list believes it ;-)
Its a matter of fact that published rules (see sare rulesets) become less
effective immediate after publishing. That due to
On Tue, 3 Jul 2007, Dallas Engelken wrote:
The PDFInfo.pm and accompanying ruleset will not be public. If you want it,
please go to
http://www.rulesemporium.com/plugins.htm#pdfinfo and request it.
Despite of my opinion about security-by-obscurity approach, I still
experience major connectio
Theo Van Dinter wrote:
> All in all, you're better off just making things public.
>
I agree. It's sort of like saying that Open Source cannot work as a
model in the antivirus/antispam arena...
...and it may be true - but no-one on this list believes it ;-)
--
Cheers
Jason Haar
Information Se
On Tue, Jul 03, 2007 at 11:35:01AM -0500, Dallas Engelken wrote:
> The mechanism used for accurate detection in the PDFInfo plugin is not
> going to be a part of this.. and I'd recommend you request the plugin
> and use it privately. If the information gets publicized, that method
> would s
Chris Santerre wrote:
You didn't miss anything. I don't believe they are released yet. FInal
testing being done. Results look great. I'll see if they can get
released soon.
--Chris
> -Original Message-
> From: Michal Jeczalik [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 03, 2007
You didn't miss anything. I don't believe they are released yet. FInal
testing being done. Results look great. I'll see if they can get released
soon.
--Chris
> -Original Message-
> From: Michal Jeczalik [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 03, 2007 9:47 AM
> To: users@spamassa
20 matches
Mail list logo