Educause Security Discussion mailing list archives

Re: Image SPAM Increase?


From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 19 Apr 2006 13:32:00 -0500

A question for those of you running tunable anti-spam solutions...

How often do you find it necessary to tune?

We have an unpassworded IMAP server that is write-only, where people
can drop spam.  Unfortunately we have several users who consistently
put legitimate mail into it, so I have to vet the spam manually
before submitting it to spamprobe's retraining.  I have on occasion
left it alone for as much as a month and no-one has noticed any
degradation in the filtering, but by and large I try to retrain at
least once a week, and on demand if a particularly nasty new set of
spams is slipping through.  Fortunately due to the automatic
self-training, that happens very seldom.

We too were seeing the financial spams recently, but I retrained
on a large batch of them late last week and haven't seen any since.
I don't know specifically which features of the mails spamprobe
chose to recognise, but it does seem to be working.

By the way if anyone knows of any students looking for a final
year project, I have a potentially useful algorithm for spam
detection which has never been implemented in a real system,
just proof-of-concept code so far.  I don't have time to develop
it myself but I could probably spare enough time to mentor a
student project.  Reason I mention it is that it is a good fit
for the areas that current filters are poor in, such as mails
with little text.

By the way on the spamprobe mailing list over the last few months,
there has been some discussion about image spams - and the
suggestion here to OCR the text is being given some genuine
consideration (though personally I happen to think it is not
cost-effective, and that there are easier ways to catch those
ones).

One other related item: the open source A/V product "clamav"
considers phishing spams to be within their remit.  They're actually
very responsive if you upload a new phishing scam email to them
and they'll add a signature for it the same day.  We cut down
on a huge amount of spam when I gave them examples of the CUNA
stuff (Credit Union) that has been going around for the last few
months.  Since clamav looks inside images, you *might* get some
benefit from submitting these items - if any of them can be
considered phishes and not just plain spams.


Graham
PS The write-only imap source is available if anyone wants it.
Check on freshmeat for "minimap".
