Educause Security Discussion mailing list archives

Re: spam assassin rules for Pharmacy image spam


From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Mon, 18 May 2009 22:35:18 -0400

"RF" == Russell Fulton <r.fulton () AUCKLAND AC NZ> writes:

RF> Over the last couple of weeks we have been inundated with image spam
RF> promoting viagra and other drugs for treating erectile dysfunction. I
RF> am personally getting about 5 - 10 a day.

Yeah, us too.  Mostly PNG images with a largish chunk size.

RF> Unfortunately both our spam assassin experts are away for some time.
RF> So before I go and peer at the entrails of spam assassin I was
RF> wondering if anyone else has come up with some rules that catch these
RF> things. Preferably without doing OCR on the image which has a
RF> considerable performance penalty.

We bumped up the DYN_RDNS_AND_INLINE_IMAGE score by 2.5 and that seems
to have been partially successful; most of the images seem now to get
snagged in our quarantine (score >5).

 - Pat

--
 Patrick P. Murphy, Ph.D.   Webmaster (East), Computing Security Manager
 http://www.nrao.edu/~pmurphy/          http://chien-noir.com/maze.shtml
 "Inventions then cannot, in nature, be a subject of property."
                                    -- Thomas Jefferson, August 13, 1813
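
The reply above notes that the spam images are mostly PNGs with a largish chunk size. The following is an added example, not part of the original post and not SpamAssassin code: it walks a PNG's chunks and reports the largest one, a feature that needs no OCR. It assumes "chunk size" means the PNG chunk length field; `LARGE_CHUNK_BYTES`, the function names and the sample images are hypothetical and constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
LARGE_CHUNK_BYTES = 4096  # hypothetical cut-off; the post does not define "largish"

def png_chunks(data):
    """Yield (type, length, crc_ok) for every chunk in a PNG byte string."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            raise ValueError("chunk length runs past end of data")
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        yield ctype.decode("latin-1"), length, zlib.crc32(ctype + body) == crc
        pos = end

def largest_chunk(data):
    """Return (type, length) of the biggest chunk, a cheap feature needing no OCR."""
    return max(((t, n) for t, n, _ in png_chunks(data)), key=lambda c: c[1])

def has_large_chunk(data, limit=LARGE_CHUNK_BYTES):
    """True when any chunk is longer than the (hypothetical) limit."""
    return largest_chunk(data)[1] > limit

def _chunk(ctype, body):
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def make_sample_png(idat_size=None):
    """Constructed 64x64 8-bit grayscale PNG; idat_size splits the data into smaller IDATs."""
    rows = b"".join(b"\x00" + bytes((x * y) % 256 for x in range(64)) for y in range(64))
    stream = zlib.compress(rows, 0)  # level 0 (stored) keeps the sample's size predictable
    step = idat_size or len(stream)
    idats = [_chunk(b"IDAT", stream[i:i + step]) for i in range(0, len(stream), step)]
    ihdr = struct.pack(">IIBBBBB", 64, 64, 8, 0, 0, 0, 0)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + b"".join(idats) + _chunk(b"IEND", b"")

if __name__ == "__main__":
    for name, png in (("one IDAT", make_sample_png()), ("1 KiB IDATs", make_sample_png(1024))):
        print(name, largest_chunk(png), "large" if has_large_chunk(png) else "ok")
```

The same pixel data written as 1 KiB chunks does not trip the check, so a chunk-length feature is best treated as one signal that adds to a score rather than a verdict on its own.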
