Pharma spam getting through - SpamAssassin

This is a discussion on Pharma spam getting through - SpamAssassin ; Recently there are tons of simple mails like: ftp://pve.proxmox.com/tmp/sample-spam1.txt ftp://pve.proxmox.com/tmp/sample-spam2.txt Seems that they trigger some network tests, but many get through with low score. Does anybody know a way to block them effectively without using network tests? - Dietmar...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Pharma spam getting through

  1. Pharma spam getting through

    Recently there are tons of simple mails like:

    ftp://pve.proxmox.com/tmp/sample-spam1.txt
    ftp://pve.proxmox.com/tmp/sample-spam2.txt

    Seems that they trigger some network tests,
    but many get through with low score.

    Does anybody know a way to block them effectively without
    using network tests?

    - Dietmar


  2. Re: Pharma spam getting through

    On Thu, 14 Aug 2008, Dietmar Maurer wrote:

    > Does anybody know a way to block them effectively without
    > using network tests?


    Check for stupid HTML: add some points for "http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    USMC Rules of Gunfighting #12: Have a plan.
    USMC Rules of Gunfighting #13: Have a back-up plan, because the
    first one won't work.
    -----------------------------------------------------------------------
    Tomorrow: the 63rd anniversary of the end of World War II


  3. Re: Pharma spam getting through

    You could write yourself a rawbody rule to match on the string: td>NEVOB with a high score, and that will take care of this particular set (and seems to me, personally, to be at very low risk of FP- but then I'm American and have no idea what that word might mean in other languages), but you will have to write a new rule for the next mutation (this is the third or fourth variant I've seen already). and the next mutation. and the next......

    Some BAYES training might help with detection, also, but even that won't necessarily push their score over the threshold, by itself.

    >>> "Dietmar Maurer" 08/14/08 1:53 AM >>>

    Recently there are tons of simple mails like:

    ftp://pve.proxmox.com/tmp/sample-spam1.txt
    ftp://pve.proxmox.com/tmp/sample-spam2.txt

    Seems that they trigger some network tests, but many get through with low score.

    Does anybody know a way to block them effectively without using network tests?

    - Dietmar


+ Reply to Thread