Educause Security Discussion mailing list archives
Re: spam assassin rules for Pharmacy image spam
From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Mon, 18 May 2009 22:35:18 -0400
"RF" == Russell Fulton <r.fulton () AUCKLAND AC NZ> writes: RF> Over the last couple of weeks we have been inundated with image spam RF> promoting viagra and other drugs for treating erectile disfunction. I RF> am personally getting about 5 - 10 a day. Yeah, us too. Mostly PNG images with a largish chunk size. RF> Unfortunately both our spam assassin experts are away for some time. RF> So before I go an peer at the entrails of spam assassin I was RF> wondering if anyone else has come up with some rules that catch these RF> things. Preferably without doing OCR on the image which has a RF> considerable performance penalty. We bumped up the DYN_RDNS_AND_INLINE_IMAGE score by 2.5 and that seems to have been partially successful; most of the images seem now to get snagged in our quarantine (score >5). - Pat -- Patrick P. Murphy, Ph.D. Webmaster (East), Computing Security Manager http://www.nrao.edu/~pmurphy/ http://chien-noir.com/maze.shtml "Inventions then cannot, in nature, be a subject of property." -- Thomas Jefferson, August 13, 1813
Current thread:
- spam assassin rules for Pharmacy image spam Russell Fulton (May 18)
- <Possible follow-ups>
- Re: spam assassin rules for Pharmacy image spam Patrick P Murphy (May 18)
- Re: spam assassin rules for Pharmacy image spam Dan Oachs (May 19)