On Wed, 3 Sep 2014, Amir Caspi wrote:
On Sep 3, 2014, at 2:01 PM, John Hardin wrote:
Did that hit any of the existing phish rules? They may need some attention...
Similar phishing just received, spample here:
http://pastebin.com/UEmb035j
It did not hit any phishing rules.
The existing p
On Sep 3, 2014, at 2:01 PM, John Hardin wrote:
> Did that hit any of the existing phish rules? They may need some attention...
Similar phishing just received, spample here:
http://pastebin.com/UEmb035j
It did not hit any phishing rules. In fact, because it was only BAYES_50, it
actually got
On Wed, 3 Sep 2014, David F. Skoll wrote:
On Wed, 3 Sep 2014 14:19:21 -0500 (CDT)
David B Funk wrote:
Do you understand that the visible body size may be completely
different from the MTA byte-count?
Yes. That message substantially longer than 100 characters. Here's
the actual visible tex
On Wed, 03 Sep 2014 21:52:39 +0200
Axb wrote:
> oh.. a phish - not the usual hacked WP sites with only one link in
> them and maybe a line or two of trash I was thinking of...
Yes. It seems that hacked WP sites are a general-purpose tool being
used by phishers, malware distributors, weight-loss
On 09/03/2014 09:35 PM, David F. Skoll wrote:
On Wed, 3 Sep 2014 14:19:21 -0500 (CDT)
David B Funk wrote:
Do you understand that the visible body size may be completely
different from the MTA byte-count?
Yes. That message substantially longer than 100 characters. Here's
the actual visible
On Wed, 3 Sep 2014 14:19:21 -0500 (CDT)
David B Funk wrote:
> Do you understand that the visible body size may be completely
> different from the MTA byte-count?
Yes. That message substantially longer than 100 characters. Here's
the actual visible text with HTML stripped out:
On 09/03/2014 08:33 PM, David F. Skoll wrote:
On Wed, 03 Sep 2014 20:26:21 +0200
Axb wrote:
>try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types o
On Wed, 3 Sep 2014, David F. Skoll wrote:
On Wed, 03 Sep 2014 20:26:21 +0200
Axb wrote:
try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types of s
On Wed, 3 Sep 2014, Spectrum CS wrote:
Would you be able to share your regexp? I'm struggling to update my regexp to
catch the .php :)
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1622275&r2=1622307&diff_format=h
--
John Hardin KA7OHZ
On Wed, 03 Sep 2014 20:26:21 +0200
Axb wrote:
> try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types of spam hitting the rule
that are much larger. M
On 09/03/2014 08:09 PM, David F. Skoll wrote:
On Wed, 3 Sep 2014 18:02:31 +
"Spectrum CS" wrote:
Would you be able to share your regexp? I'm struggling to update my
regexp to catch the .php :)
Ah, this is what I have. (I've changed the rule names, but that shouldn't
matter.)
uri
On Wed, 3 Sep 2014 18:02:31 +
"Spectrum CS" wrote:
> Would you be able to share your regexp? I'm struggling to update my
> regexp to catch the .php :)
Ah, this is what I have. (I've changed the rule names, but that shouldn't
matter.)
uri__RP_D_00069_1 /\/wp-content\/(?:plugins|them
Would you be able to share your regexp? I'm struggling to update my regexp to
catch the .php :)
Thanks
Original Message
Subject: Re: Hacked Wordpress sites & Cryptolocker (03-Sep-2014 18:59)
From:David F. Skoll
To: spamassassin-li...@spectrumcs.net
> On Wed, 3 Sep
Fair point.
Can you confirm if uri tests operate on ? I was of the
impression it only operated on but looking at
wiki.apache.org/spamassassin/WritingRules its not absolutely clear?
Regards
Steve
Original Message
Subject: Re: Hacked Wordpress sites & Cryptolocker (03-Sep-2
14 matches
Mail list logo