Re: Image SPAM Increase?

[Robert Mozden <vexira_dude () YAHOO COM>]

Depending on the mail server that your using, V.A.M.S.
could be a solution for you. It can use a combination
of rulsets/autolearn that the administration can make
along with the built in database.  Add that on top of
spamassassin and your ready to roll.

www.centralcommand.com/mailserver.html is the info
about that.  Other than that, maybe an appliance which
does similar functions?



--- Gary Flynn <flynngn () JMU EDU> wrote:

> This is a cryptographically signed message in MIME
> format.
>
> --------------ms020501030600010309030806
> Content-Type: text/plain; charset=us-ascii;
> format=flowed
> Content-Transfer-Encoding: 7bit
>
>
> Over the past few weeks we've seen a slow increase
> in SPAM messages
> related to stock market advice. We're starting to
> see regular reports
> from our users of this new ( for us ) activity. The
> messages are
> composed:
>
> 1) entirely of images
>
> --or--
>
> 2) Images prepended with gibberish
>
> Messages have been received from computers around
> the
> world and sources don't seem to repeat.
>
> Our email system is assigning them junkmail scores
> too
> low to keep them out of regular mailboxes.
>
> Anyone else seeing these? If not, do you know what
> is
> keeping you from seeing them? Anti-spam device or
> product? ORB list? SPF? Custom filter?
>
> How would any SPAM filter be able to deal with a
> message
> made up entirely of an image and sent from varying
> computers? Is it safe to assume there are no filters
> that have OCR capabilities :)
>
> What actions do you take and/or what recommendations
> do
> you offer to users when faced with an increase in
> unfilterable messages?
>
> thanks,
>
> --
> Gary Flynn
> Security Engineer
> James Madison University
> www.jmu.edu/computing/security
>
> --------------ms020501030600010309030806
> Content-Type: application/x-pkcs7-signature;
> name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="smime.p7s"
> Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH8zCC
>
AlQwggG9oAMCAQICECY138E+CU347KfBoi2yPrYwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UE
>
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
>
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDMxNTIyMTkzM1oX
>
DTA3MDMxNTIyMTkzM1owQTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEeMBwG
>
CSqGSIb3DQEJARYPZmx5bm5nbkBqbXUuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
>
gQCxewIVqtMUKuCB32byrFu2IvsR0x4kujy5hI5ADf5T8d07l5x0F60NNmHuSXfPE2mKfRYX
>
D/1jE9HidRaT882UNS7BBZrovdWk4+q5WsbOOC/87+rqQLMNmqQqeumEhL5uGLRxOL71m2ci
>
1674OnA1pwS/UshTaHX2X3sNjKOXTQIDAQABoywwKjAaBgNVHREEEzARgQ9mbHlubmduQGpt
>
dS5lZHUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBc1f0iUUTmoxlwWeZnCyIc
>
Fvms1SQhR5Sw+F2qhyOo7gIOvktGltPbSYmbKS5FOPFNxG9aXuNwGLwOJCWVk9DRklt2Mkwt
>
n2pHkXInrBo2IKkII9d1VgtUfkWNt/CkIxuLyzQVmAaIBm+2Sal2ychaf2vGXEEFuGjciz6q
>
ezFp0DCCAlQwggG9oAMCAQICECY138E+CU347KfBoi2yPrYwDQYJKoZIhvcNAQEEBQAwYjEL
>
MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
>
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDMxNTIy
>
MTkzM1oXDTA3MDMxNTIyMTkzM1owQTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJl
>
cjEeMBwGCSqGSIb3DQEJARYPZmx5bm5nbkBqbXUuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GN
>
ADCBiQKBgQCxewIVqtMUKuCB32byrFu2IvsR0x4kujy5hI5ADf5T8d07l5x0F60NNmHuSXfP
>
E2mKfRYXD/1jE9HidRaT882UNS7BBZrovdWk4+q5WsbOOC/87+rqQLMNmqQqeumEhL5uGLRx
>
OL71m2ci1674OnA1pwS/UshTaHX2X3sNjKOXTQIDAQABoywwKjAaBgNVHREEEzARgQ9mbHlu
>
bmduQGptdS5lZHUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBc1f0iUUTmoxlw
>
WeZnCyIcFvms1SQhR5Sw+F2qhyOo7gIOvktGltPbSYmbKS5FOPFNxG9aXuNwGLwOJCWVk9DR
>
klt2Mkwtn2pHkXInrBo2IKkII9d1VgtUfkWNt/CkIxuLyzQVmAaIBm+2Sal2ychaf2vGXEEF
>
uGjciz6qezFp0DCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYT
>
AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
>
ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMg
>
RGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG
>
SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBa
>
Fw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3Vs
>
dGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNz
>
dWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRw
>
nd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn
>
8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJg
>
t/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0
>
dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1Ud
>
DwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJ
>
KoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A
>
9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH
>
1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggLjMIIC3wIBATB2MGIxCzAJ
>
BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD
>
VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQJjXfwT4JTfjsp8Gi
>
LbI+tjAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
>
DQEJBTEPFw0wNjA0MTkxNjA4MzFaMCMGCSqGSIb3DQEJBDEWBBQoh7a1l9aXvmbxjWNSgDew
>
SvsTnzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
>
hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYBBAGCNxAEMXgwdjBi
>
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEs
>
MCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECECY138E+CU34
>
7KfBoi2yPrYwgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc
>
VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs
>
IEZyZWVtYWlsIElzc3VpbmcgQ0ECECY138E+CU347KfBoi2yPrYwDQYJKoZIhvcNAQEBBQAE
>
gYAOD0m2SFB88G8DQ9aTB777lcBuI0HhPcGqiz0rDZzb0u7Rrme3GN12thNwX31LqE9rqfge
>
AAlxEEZstsh68t9WAgez88bcy1c0t0Yil1lTaGUaSMxmKpAFyctkHGO0qaKMbgu/O0Tmid9A
> jTNa5tfTEzOZ3hCe3qYMrgBB7PElvQAAAAAAAA==
> --------------ms020501030600010309030806--


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com