l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2006 Aug 31 15:48

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] spam current events
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] spam current events

On Thu, Aug 31, 2006 at 04:51:26PM -0400, Peter Jay Salzman wrote:
> i'm getting hammered with email containing text designed to trick bayesian
> filters.  unfortunately, it appears to be quite successful in that endeavor.
> the email text is nonsensical, however the email has a gif image attachment.
> at first, the gif was always named "image001.gif", and i was able to REJECT
> such emails when Postfix detected a gif attachment named "image001.gif".
> but whoever is sending this got smarter and now the gif file is named all
> kinds of things.
> i'm not quite sure how to filter these things anymore other than to REJECT
> all gif attachments, which I'd prefer not to do if i can help it..
> the gif image itself is mostly white with a few colored "threads" here and
> there.  i certainly don't see any text, so i'm not quite sure what their
> purpose is.  perhaps it's some kind of virus?
> anyone else seeing these things?  i'm getting them a few times a day now.

Well, since I work for the leading manufacturer* of spam filter
appliances... I can tell you some of the avenues we've pursued for
dealing with this. Note that these are features-in-progress, and not
necessarily features that are currently or will at some point be
available. To my knowledge, none of this information is confidential.


One method for dealing with this is to obtain a checksum of all image
attachments within all emails that are reported to be spam, and place it
in a database. Then, whenever we receive an email, we get checksums of
each image, and check it against the database. If we find
the checksum, it's spam.

I don't know if there's a public database of this type somewhere. I
wouldn't be surprised if there were. If there isn't, you can at least
keep track of the attachments you've already seen in your own local
database, and use that to throw future emails out.


Another method is to do OCR on the image, and check the results against
SpamAssassin-style rules. For my money, I'd probably do bayes and intent
checks (via spamhaus.org) against it as well. In fact, I would not be
surprised if we end up doing that here at some point.

>From what I understand, we are using GNU Ocrad for this.

* Barracuda Networks, Inc.  http://www.barracudanetworks.com/

Since I've mentioned some things regarding my employer, it's probably
best to mention that anything I've said or opinions I have are strictly
my own words or views, and not necessarily those of Barracuda Networks,
Inc. :-)

Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.