RE: SPAM with images (and some junk text)
RE: SPAM with images (and some junk text) - 21.Aug.2006 10:51:19 AM
|
|
|
joestern
Posts: 273
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline
|
quote:
Apparently, those stock spams (an embedded GIF with lots of random sentences) are being blocked successfully by IMF v2. Are you running ME on your Exchange Server? I recall a GFI KB article from 2004 saying that we couldn't use the free IMF with ME unless they were both running on the server side. Since we use ME on our gateway, I've been ignoring the volume license IMF disks that Microsoft sends me. Are things different now with IMF v2?
|
|
|
|
RE: SPAM with images (and some junk text) - 21.Aug.2006 10:53:20 AM
|
|
|
dwarren
Posts: 68
Joined: 16.Feb.2006
Status: offline
|
ME is running on a gateway server, not the Exchange server for us. I am wary to turn on IMF... I guess that is always an option, but would prefer to have GFI block these emails.
|
|
|
|
RE: SPAM with images (and some junk text) - 21.Aug.2006 1:00:51 PM
|
|
|
justinr
Posts: 129
Joined: 6.Mar.2006
From: New York, NY
Status: offline
|
quote:
ORIGINAL: Mark Busuttil
c) Generally, most of these SPAM emails contain 1500 - 2000 characters, therefore you must set the following registry DWORD value to 2000 At [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME12\config\], with the DWORD Value "remoteimagebodysize" must be set to 2000

does 'remoteimagebodysize' count spaces, or only non-space characters? the latest batch of these is ~2832 chars, or ~3383 including spaces.

i think i'm going to officially give up and set the registry value to something obtuse, like 20000, and see what happens. very frustrating.
|
|
|
|
RE: SPAM with images (and some junk text) - 21.Aug.2006 1:04:49 PM
|
|
|
dwarren
Posts: 68
Joined: 16.Feb.2006
Status: offline
|
justinr, I believe you need to include spaces but I am not 100 percent sure. This is why we need a better solution. It's either block all embedded images or block none. The char count keeps going up on these emails so you would have to set your limit high like you said.
|
|
|
|
RE: SPAM with images (and some junk text) - 24.Aug.2006 3:13:48 PM
|
|
|
justinr
Posts: 129
Joined: 6.Mar.2006
From: New York, NY
Status: offline
|
for what it's worth, i spent a bit of time tracking down dns block lists to see what would help fend off this sort of spam. at present, our dns block list includes these:

bl.spamcop.net
cbl.abuseat.org
combined.rbl.msrbl.net
dnsbl.njabl.org
dnsbl.sorbs.net
list.dsbl.org
relays.ordb.org
sbl-xbl.spamhaus.org

for the past few days, i haven't seen any of these '2000+ character random message body + embedded stock scam'. the ones that do arrive go directly to 'junk e-mail' along with all the other spam. (or, to put it another way: our users haven't been flagging these as spam over the past few days, which means they aren't landing in the inbox to begin with.)

i've left the remote image check set at 2000 characters, btw.
|
|
|
|
i get it with the junk bonds and penny stocks - 28.Aug.2006 4:17:20 PM
|
|
|
HASANOF
Posts: 1
Joined: 28.Aug.2006
Status: offline
|
I'm starting to lose my faith in ME12.... Nothing thus far has included a solid fix to the problem. Sure we can adjust the number of characters, and so can the spammer... I was under the impression ME12 could read words within a picture, I've flagged Symbol and it never gets caught!!!! Anyone find a good solution?!?!?!
|
|
|
|
RE: i get it with the junk bonds and penny stocks - 29.Aug.2006 4:26:59 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
HASANOF, Please note that GFI MailEssentials does not scan for words within an image.
_____________________________
Patrizia Caruana GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: i get it with the junk bonds and penny stocks - 30.Aug.2006 10:56:33 AM
|
|
|
bhamren
Posts: 36
Joined: 28.Jul.2005
From: Sidney, OH
Status: offline
|
I am having the same problem and I am trying to use "Keyword Checking" to eliminate these pesky spams to no avail. I am not sure how keyword checking works though - does it only check for sent text or does it check for html also?

Here is the scenario we are in. We archive our inbound and outbound mail to text files. All the email that is slipping through the filters, that have an embedded picture and random text all have the following in common: They all have the following html just before the name of the picture:

<DIV><FONT face=Arial size=2><IMG alt hspace=0 src="cid:

I have tried keyword checking for parts of this in many different ways and they still slip through. I suspect that either:
- The archive files do not save an exact representation, or
- The keyword checking routine ignores the html tags.

Any clarification? Thanks, Blair
|
|
|
|
RE: i get it with the junk bonds and penny stocks - 30.Aug.2006 12:41:49 PM
|
|
|
justinr
Posts: 129
Joined: 6.Mar.2006
From: New York, NY
Status: offline
|
quote:
ORIGINAL: bhamren - The keyword checking routine ignores the html tags.
i'm betting you're right on this. from the KB entry for 'how does the remote images check determine the amount of characters in the email' (KBID001904):

"GFI MailEssentials will only use the HTML message body when checking for the amount of text found in the message. The valid HTML codes are removed from the message body, and the remaining text is used to calculate the length of the message."

i'm betting that the keyword check (and probably bayesian..) all behave this way, and strip out the HTML.
|
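Added example, not part of any post and not GFI's code: a Python sketch of the length calculation the quoted KB text describes (tags removed, remaining text counted). It shows how the spaces question changes the outcome at a limit of 2000 and why a keyword that lives inside markup never matches once tags are stripped. The hit rule (embedded image present and text length at or below the limit) is an assumption inferred from this thread, and all function names and the sample body are constructed.

```python
from html.parser import HTMLParser


class BodyText(HTMLParser):
    """Collects text nodes and <img> sources; the tags themselves are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.images = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs).get("src") or "")

    def handle_data(self, data):
        self.chunks.append(data)


def measure(html_body):
    """Return the stripped text, both candidate lengths, and any cid: images."""
    parser = BodyText()
    parser.feed(html_body)
    parser.close()
    text = "".join(parser.chunks)
    return {
        "text": text,
        "with_spaces": len(text),
        "without_spaces": len("".join(text.split())),
        "embedded_images": [s for s in parser.images if s.lower().startswith("cid:")],
    }


def image_check_hits(html_body, limit, count_spaces=True):
    """Assumed rule: embedded image present and text length <= limit."""
    m = measure(html_body)
    length = m["with_spaces"] if count_spaces else m["without_spaces"]
    return bool(m["embedded_images"]) and length <= limit


def keyword_matches(html_body, keyword):
    """Keyword search over the stripped text only, as the thread suspects."""
    return keyword.lower() in measure(html_body)["text"].lower()


# Constructed sample: the markup pattern quoted in the thread plus filler text
# (2400 characters with spaces, 2000 without).
SAMPLE = ('<DIV><FONT face=Arial size=2><IMG alt hspace=0 '
          'src="cid:constructed-id"></FONT></DIV>'
          '<DIV>' + "lorem ipsum " * 200 + '</DIV>')
```
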
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 2:04:49 PM
|
|
|
blukkes
Posts: 8
Joined: 30.Aug.2006
Status: offline
|
I have found that adding an entry to my DNS Blacklist for bright-ways.com has virtually eliminated the spam that is coming into our system. We immediately delete any message that comes in and is caught by the DNS filter. I was having to deal with about 1000 spam messages a day. So far today I have had 12 spam messages that need to be checked.
|
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 2:47:28 PM
|
|
|
bhamren
Posts: 36
Joined: 28.Jul.2005
From: Sidney, OH
Status: offline
|
Can you expound on that? It does not make sense. The DNS Blacklist fails the test if I try to add bright-ways.com as a DNS blacklist server.
|
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 2:58:16 PM
|
|
|
blukkes
Posts: 8
Joined: 30.Aug.2006
Status: offline
|
The DNS test on my server fails as well. Simply add bright-ways.com to the DNS Blacklist and it is blocking a ton more of the trash email. I haven't had it block anything I don't want blacked so far.
|
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 3:17:59 PM
|
|
|
bhamren
Posts: 36
Joined: 28.Jul.2005
From: Sidney, OH
Status: offline
|
Pardon me for being suspicious, but how in the world will that work? How did you hear to do such a thing? I am very careful when following web advice. The last thing I want is to put in some setting in our software that really just allows spammers to gather our valid email addresses.
|
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 3:23:29 PM
|
|
|
blukkes
Posts: 8
Joined: 30.Aug.2006
Status: offline
|
I have been actively trying to reduce the amount of time I need to spend per day going through everyone's junk mail so we don't delete a valid message. I noticed a lot of the spam messages came from this domain. When I added it to the DNS Blacklist I thought I had a mail server problem because my spam level dropped radically.
|
|
|
|
RE: SPAM with images (and some junk text) - 30.Aug.2006 3:32:21 PM
|
|
|
bhamren
Posts: 36
Joined: 28.Jul.2005
From: Sidney, OH
Status: offline
|
Still this does not answer the big question - WHY?? If lots of spam is coming from one domain, the DNS blacklist is not the place to enter it but rather the custom blacklist. Another reason I am suspicious is that you just created your account today and the only answer to everyone's problem is the same. Also, bright-ways.com is not an active web site but the domain was just registered 4 days ago. Can someone at GFI see if this guy is legit and block his responses to the forum if not?
|
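Added example, not part of any post: a Python sketch of how a DNS block list lookup is formed and how a zone can be vetted before it is trusted, using the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not). The zone names, answers and fake resolver are constructed; the sketch assumes a filter that treats any A answer as a listing, which is how some filters behave when no specific return code is configured.

```python
import ipaddress
import socket


def dnsbl_qname(ip, zone):
    """Query name for an IPv4 address: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def is_listed(ip, zone, resolve):
    """resolve(qname) returns a list of A records, or [] when there is no answer."""
    return bool(resolve(dnsbl_qname(ip, zone)))


def vet_zone(zone, resolve):
    """Classify a zone by its answers for the RFC 5782 test addresses."""
    test_point = is_listed("127.0.0.2", zone, resolve)   # must be listed
    clean_point = is_listed("127.0.0.1", zone, resolve)  # must not be listed
    if test_point and clean_point:
        return "lists-everything"   # e.g. a wildcard record: every sender is a hit
    if test_point:
        return "ok"
    return "not-a-dnsbl"            # zone does not answer like a block list


def system_resolve(qname):
    """Live resolver for real use; not needed for the constructed data below."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except socket.gaierror:
        return []


# Constructed answers for three hypothetical zones.
_RECORDS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "5.113.0.203.dnsbl.example": ["127.0.0.4"],
}


def fake_resolve(qname):
    if qname.endswith(".wildcard.example"):
        return ["192.0.2.10"]       # wildcard A record answers any name
    return _RECORDS.get(qname, [])  # parked.example never answers
```

A zone that comes back as "lists-everything" makes the spam count fall only because every connecting address is rejected, and any zone added to the list, vetted or not, receives a query naming each connecting mail server.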
|
|
|