spamassassin-users mailing list archives

From "John Scully" <jscu...@isipi.com>
Subject Re: Now its zip attachments ^^
Date Mon, 23 Jul 2007 14:42:56 GMT
I have to mention how pleased we are with the sanesecurity clamav tool.  We
have always used spamassassin with many custom rule sets, dcc and rbls, with
clamd for virus scanning.

We have been getting a large number (~4,500 per day) of these PDF and other
attachment spams making it through SA, even with PDFinfo and everything else
we could throw at them.  After adding the sanesecurity sigs to clamd last
week not one PDF has made it through.  And since clamd unpacks and examines
every attachment anyway it is no additional load.  In fact, due to the
messages not hitting SA it probably reduced load slightly.

John P. Scully
President/CTO
iSupportISP LLC
33 North high st
Suite 1000
Columbus, OH 43215
614-586-4040
614-226-6110 Mobile
614-586-4044 Fax
jscully@isupportisp.com

Your Private Label Internet and Digital Phone Provider
----- Original Message ----- 
From: "Robert Schetterer" <robert@schetterer.org>
To: <users@spamassassin.apache.org>
Sent: Monday, July 23, 2007 5:15 AM
Subject: Re: Now its zip attachments ^^


>
> Robert Schetterer wrote:
> > Matus UHLAR - fantomas wrote:
> >>> Hendrik Helmvoigt wrote:
> >>>> This night it seems like we're being spammed again by xml documents,
> >>>> but this time neatly packed into a zipfile:
> >>>>
> >>>> I'm really excited what's going to happen next. Maybe psd files embedded
> >>>> in pdf and then rar'ed.
> >>>>
> >>>> And I'd still like to meet the person that goes through all that trouble
> >>>> to read that spam, and then performs the action that the spammer wants
> >>>> from him.
> >> On 22.07.07 18:47, John Rudd wrote:
> >>> As I've said for years: we should just ban attachments.  They're not
> >>> really useful for anything that can't be done a better way.  Which only
> >>> leaves them being useful for attacks of one form or another.
> >> some people just want, some just need attachments. I think that if a filter
> >> (word plugin is used with different meaning in SA) would preprocess/convert
> >> those attachments to text, SA could just run standard rules over it and
> >> catch unwelcome words, do BAYES check over it, etc etc.
> >
> >> So the words "dear winner" would match no matter if stored  in text, HTML,
> >> .doc (tnef), gif or pdf ...
> >
> >> Is there any such plan for SA?
> > Hi all,
> > meanwhile,
> > http://sanesecurity.co.uk/clamav/
> > also catches this zip spam
>
> I forgot:
> read the story here
>
> http://sanesecurity.blogspot.com/2007/07/from-pdf-to-xls-to-zipped-xls-stock.html
>
> and thanks to Steve for his work
>
> --
> Kind regards
> Best Regards
>
> Robert Schetterer
>
> https://www.schetterer.org
> Germany
>
>
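
The preprocessing idea raised in the quoted thread (turn attachments into text so one rule matches wherever the words are stored), as an added example that is not part of the original messages and is not SpamAssassin or ClamAV code. It uses only the Python standard library; the function names, limits and the sample message are assumptions constructed for illustration, and it covers only zipped text/XML members.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBERS = 20        # assumed limit: ignore archive entries beyond this
MAX_BYTES = 1_000_000   # assumed limit: decompressed bytes read per member
RULE = re.compile(r"dear\s+winner", re.I)   # the phrase quoted in the thread

def text_views(raw: bytes):
    """Yield (source, text) for each text part and each zip member of a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or part.get_content_type()
        data = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            yield name, data.decode(part.get_content_charset() or "utf-8", "replace")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist()[:MAX_MEMBERS]:
                    with zf.open(info) as fh:
                        blob = fh.read(MAX_BYTES)   # bounded read: zip-bomb guard
                    text = blob.decode("utf-8", "replace")
                    # crude XML-to-text: drop tags, keep character data
                    yield f"{name}!{info.filename}", re.sub(r"<[^>]+>", " ", text)

def matches(raw: bytes):
    """Return the sources whose extracted text hits the rule."""
    return [src for src, text in text_views(raw) if RULE.search(text)]

def build_sample() -> bytes:
    """Constructed sample: harmless body, rule phrase only inside a zipped XML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sheet.xml", "<doc><cell>Dear</cell> <cell>Winner</cell></doc>")
    msg = EmailMessage()
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(matches(build_sample()))
```

Encrypted or nested archives are not handled here; a production filter would treat those as a separate signal rather than skip them silently.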

