Educause Security Discussion mailing list archives
Re: Image SPAM Increase?
From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 19 Apr 2006 13:32:00 -0500
A question for those of you running tunable anti-spam solutions... How often do you find it necessary to tune?
We have a unpassworded IMAP server that is write-only, where people can drop spam. Unfortunately we have several users who consistently put legitimate mail into it, so I have to vet the spam manually before submitting it to spamprobe's retraining. I have on occassion left it alone for as much as a month and no-one has noticed any degradation in the filtering, but by and large I try to do retrain at least once a week, and on demand if a particularly nasty new set of spams is slipping though. Fortunately due to the automatic self- training, that happens very seldom. We too were seeing the financial spams recently, but I retrained on a large batch of them late last week and haven't seen any since. I don't know specifically which features of the mails spamprobe chose to recognise, but it does seem to be working. By the way if anyone knows of any students looking for a final year project, I have a potentially useful algorithm for spam detection which has never been implemented in a real system, just proof-of-concept code so far. I don't have time to develop it myself but I could probably spare enough time to mentor a student project. Reason I mention it is that it is a good fit for the areas that current filters are poor in, such as mails with little text. By the way on the spamprobe mailing list over the last few months, there has been some discussion about image spams - and the suggestion here to OCR the text is being given some genuine consideration (though personally I happen to think it is not cost-effective, and that there are easier ways to catch those ones) One other related item: the open source A/V product "clamav" considers phishing spams to be within their remit. They're actually very responsive if you upload a new phishing scam email to them and they'll add a signature for it the same day. We cut down on a huge amount of spam when I gave them examples of the CUNA stuff (Credit Union) that has been going around for the last few months. Since clamav looks inside images, you *might* get some benefit from submitting these items - if any of them can be considered phishes and not just plain spams. Graham PS The write-only imap source is available if anyone wants it. Check on freshmeat for "minimap".
Current thread:
- Re: Image SPAM Increase?, (continued)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Bruggeman, John (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Ken Connelly (Apr 19)
- Re: Image SPAM Increase? Dan Oachs (Apr 19)
- Re: Image SPAM Increase? Les LaCroix (Apr 19)
- Re: Image SPAM Increase? Graham Toal (Apr 19)
- Re: Image SPAM Increase? Mark Borrie (Apr 19)
- Re: Image SPAM Increase? Lee Weers (Apr 19)
- Re: Image SPAM Increase? Lucas, Bryan (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? unisog (Apr 19)
- Re: Image SPAM Increase? Robert Mozden (Apr 20)
- Re: Image SPAM Increase? Paul Russell (Apr 20)
- Re: Image SPAM Increase? Flagg, Martin D. (Apr 21)