Archive for February, 2010
“a career move” effing iPhone.
by Nick on Feb.27, 2010, under News, Twitter
“a career move” effing iPhone.
Is it me, or does Chris Cornel…
by Nick on Feb.27, 2010, under News, Twitter
Is it me, or does Chris Cornell get more and more ridiculous every time he makes a career nice?
Let’s Try This.
by Nick on Feb.26, 2010, under Administration, E-Mail, News, UNIX 101
So, some of my users are avid World of Warcraft players. They’ve been complaining that they keep getting phishing schemes in their email accounts. Since Bayesian Filtering isn’t catching on, I think it’s time for custom SpamAssassin rules.
First, a quick scan of SARE rulesets to see if one fits the bill. I picked the the “Forged” rules simply because they are logical and simple. I like logical and simple 
Then some quick adapting…
and this is what I came up with:
header __RCVD_WOW Received =~ /worldofwarcraft\.com/i
header __FROM_WOW From =~ /worldofwarcraft\.com/i
uri __URI_WOW /worldofwarcraft\.com/i
meta CUSTOM_FORGED_WOW (__FROM_WOW && __URI_WOW && !__RCVD_WOW)
score CUSTOM_FORGED_WOW 1.4
I have similar rules for blizzard.com and battle.net. What I’m looking for is the domain in the “From” field in the headers, and the domain in the body of the message but the domain NOT in the “Received” field. Most phishing schemes have a hotmail/yahoo/gmail address in the “Received” (and the “Reply To” field)
The only caveat I see with this, is that the base64 encoding of the message may screw up the body check, but I’m almost positive Spam Assassin decodes the message first.
I assigned a relatively small score of 1.4 to the messages, just to see if they show up in the “X-SpamScore” header. Remember, only one should hit at a time.
We’ll see if that works.
Writing SpamAssassin Rules is …
by Nick on Feb.26, 2010, under News, Twitter
Writing SpamAssassin Rules is fun! Stupid Bayes, not catching on to WoW Phishing scams. Regex-foo time.
Just finished VTSP training, a…
by Nick on Feb.25, 2010, under News, Twitter
Just finished VTSP training, and boy, are my arms tired!
I loved Aptitude… By love, I…
by Nick on Feb.24, 2010, under News, Twitter
I loved Aptitude… By love, I mean loathe… Also, VMWare, your training is painful. Your product is cool.
“Once more into the VTSP train…
by Nick on Feb.24, 2010, under News, Twitter
“Once more into the VTSP training breach dear fellows…”
A friend of mine sent me this …
by Nick on Feb.22, 2010, under News, Twitter
A friend of mine sent me this link http://bit.ly/d9xioE today. Perhaps it would be a good idea of some fellow Northsiders looked into this.
(2/2)So I dropped her off at t…
by Nick on Feb.21, 2010, under News, Twitter
(2/2)So I dropped her off at the AHA in Golden Valley. She was adorable, cried for me when I left her with @MelanalTheGreat. Tag your dogs!
(1/2)Caught a poodle today. I …
by Nick on Feb.21, 2010, under News, Twitter
(1/2)Caught a poodle today. I ran into the owner before I caught her, but after walking for an hour with the poodle, no owner.
On Jabber?
