Menu
▾
▴
pyzor-users — general discussion of Pyzor and Pyzor-related topics
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(75) |
May
(6) |
Jun
(6) |
Jul
(9) |
Aug
(46) |
Sep
(28) |
Oct
(56) |
Nov
(23) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(23) |
Feb
(13) |
Mar
(10) |
Apr
(11) |
May
(23) |
Jun
(9) |
Jul
(6) |
Aug
(20) |
Sep
(28) |
Oct
(1) |
Nov
(23) |
Dec
(1) |
| 2004 |
Jan
(9) |
Feb
(6) |
Mar
(3) |
Apr
(12) |
May
(14) |
Jun
(3) |
Jul
(2) |
Aug
(9) |
Sep
(3) |
Oct
(8) |
Nov
(43) |
Dec
(9) |
| 2005 |
Jan
|
Feb
(1) |
Mar
(5) |
Apr
(17) |
May
(4) |
Jun
(2) |
Jul
(3) |
Aug
(2) |
Sep
(7) |
Oct
(8) |
Nov
|
Dec
(3) |
| 2006 |
Jan
(4) |
Feb
(2) |
Mar
(6) |
Apr
(3) |
May
|
Jun
(31) |
Jul
(4) |
Aug
(3) |
Sep
(5) |
Oct
(19) |
Nov
(16) |
Dec
(9) |
| 2007 |
Jan
|
Feb
|
Mar
(6) |
Apr
|
May
|
Jun
|
Jul
(5) |
Aug
|
Sep
(23) |
Oct
(7) |
Nov
(6) |
Dec
|
| 2008 |
Jan
(9) |
Feb
|
Mar
|
Apr
(9) |
May
(11) |
Jun
|
Jul
(1) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
(10) |
Dec
|
| 2009 |
Jan
(3) |
Feb
|
Mar
(5) |
Apr
(26) |
May
(45) |
Jun
(16) |
Jul
(41) |
Aug
(25) |
Sep
(4) |
Oct
(1) |
Nov
(8) |
Dec
(5) |
| 2010 |
Jan
(1) |
Feb
(3) |
Mar
(2) |
Apr
(21) |
May
(4) |
Jun
(18) |
Jul
(3) |
Aug
(2) |
Sep
(12) |
Oct
|
Nov
|
Dec
(5) |
| 2011 |
Jan
|
Feb
(3) |
Mar
(6) |
Apr
|
May
(1) |
Jun
(3) |
Jul
|
Aug
(4) |
Sep
(3) |
Oct
(1) |
Nov
|
Dec
(9) |
| 2012 |
Jan
(6) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
(4) |
Feb
|
Mar
(1) |
Apr
|
May
(4) |
Jun
(7) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(4) |
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(3) |
Jun
(3) |
Jul
(7) |
Aug
(1) |
Sep
(3) |
Oct
(2) |
Nov
(8) |
Dec
|
| 2015 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
(4) |
Jul
|
Aug
(4) |
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(5) |
| 2016 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
|
From: Justin S. <lis...@nu...> - 2003-09-26 01:35:38
|
Pardon my forwarding this mail to the list but this guy and I raise what I
think are interesting questions that are really mirrored by Pyzor.
Justin
---------- Forwarded message ----------
Date: Thu, 25 Sep 2003 18:47:55 -0500 (CDT)
From: Justin Shore <lis...@nu...>
To: Bill Borton <bb...@co...>
Cc: raz...@li...
Subject: Re: [Razor-users] Questions about auto-submitting from spam traps
(and trust)
I would like an answer to this question as well. I am in the same boat as
Bill only my boat is many times larger. I field thousands of pieces of
spam per day on my existing spamtraps. I'm starting things back up again
and fully expect the load to increase dramatically.
On Thu, 18 Sep 2003, Bill Borton wrote:
> Hi all,
>
> I have a handful of addresses that I would like to set up to automatically
> pipe into razor-report via procmail. I have been monitoring the addresses
> in question for a while now and it is all spam. (20-100 a month each after
> spamcop.)
>
> First question:
> Currently ~10% of the mails are a already identified as spam via razor. If I
> set up my procmail to pipe into razor-check as suggested in the install docs
> It seems that all messages (including the ones already in the DB) would be
> processed. Does it hurt to re-submit those? Or, does razor-report already
> take this into account and not re-submit existing signatures?
This is a good question. Should incoming mail be "checked" first to see
if it is already known or should it just be submitted regardless? I
currently have a procmail recipe that reports incoming spam with
spamassassin -r and 'pyzor report.' Knowing what is preferred here would
be a big help.
> Second question:
> There is a bit of overlap in the spam received into the troll addresses. Does
> it hurt to report the same message more than once as it comes into the
> different addresses?
When my spamtraps get spammed I tend to get hundreds or thousands of
copies of the same spam. They come from different proxies all over the
world but they have the same body. I don't know of a way for me to filter
out duplicates in an auto-submission process. I don't know if it's a
possibility at all.
> Lastly, do either of the above situations hurt/help my trust rating? I
> have been
> adding a warning header to our inbound mails that are flagged by Razor. It is
> working well, but not hitting much more that about 15% at best. I would like
> to try to improve that with some solid reporting and building a good trust
> level.
> I do not want to go though the trouble though if all my submissions remain
> ignored due to trust issues with automated re-reporting, duplicates, etc.
Agreed. I'm doing this as a service to the community. It would be nice
to know if what I'm doing is actually getting through and having any
effect. Suggestions?
Justin
|
|
From: Alexander P. <pi...@cs...> - 2003-09-23 09:22:25
|
> Alexander Piavka, on 2003-09-22, wrote: > > > Hi, i am new to pyzor,and i have a problem with 'pyzor discover' command > > > > IOError: [Errno socket error] (111, 'Connection refused') > > > > ps. I have the HTTP_PROXY set corrctly but it does not help > > Are you firewalled and unable to access > http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x > for some reason? yes, thanks i've already solved the problem by changing firewall rules |
|
From: Frank T. <ft...@ne...> - 2003-09-22 21:31:25
|
Alexander Piavka, on 2003-09-22, wrote: > Hi, i am new to pyzor,and i have a problem with 'pyzor discover' command > > IOError: [Errno socket error] (111, 'Connection refused') > > ps. I have the HTTP_PROXY set corrctly but it does not help Are you firewalled and unable to access http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x for some reason? -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Alexander P. <pi...@cs...> - 2003-09-22 08:52:30
|
Hi, i am new to pyzor,and i have a problem with 'pyzor discover' command >/usr/local/Python-2.3/bin/pyzor discover downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x Traceback (most recent call last): File "/usr/local/Python-2.3/bin/pyzor", line 4, in ? pyzor.client.run() File "/usr/local/Python-2.3/lib/python2.3/site-packages/pyzor/client.py", line 934, in run ExecCall().run() File "/usr/local/Python-2.3/lib/python2.3/site-packages/pyzor/client.py", line 175, in run download(config.get('client', 'DiscoverServersURL'), servers_fn) File "/usr/local/Python-2.3/lib/python2.3/site-packages/pyzor/client.py", line 943, in download urllib.urlretrieve(url, outfile) File "/usr/local/Python-2.3/lib/python2.3/urllib.py", line 83, in urlretrieve return _urlopener.retrieve(url, filename, reporthook, data) File "/usr/local/Python-2.3/lib/python2.3/urllib.py", line 213, in retrieve fp = self.open(url, data) File "/usr/local/Python-2.3/lib/python2.3/urllib.py", line 181, in open return getattr(self, name)(url) File "/usr/local/Python-2.3/lib/python2.3/urllib.py", line 297, in open_http h.endheaders() File "/usr/local/Python-2.3/lib/python2.3/httplib.py", line 712, in endheaders self._send_output() File "/usr/local/Python-2.3/lib/python2.3/httplib.py", line 597, in _send_output self.send(msg) File "/usr/local/Python-2.3/lib/python2.3/httplib.py", line 564, in send self.connect() File "/usr/local/Python-2.3/lib/python2.3/httplib.py", line 548, in connect raise socket.error, msg IOError: [Errno socket error] (111, 'Connection refused') ps. I have the HTTP_PROXY set corrctly but it does not help pls help thanks |
|
From: Frank T. <ft...@ne...> - 2003-09-14 10:10:04
|
Roman Suzi, on 2003-09-14, wrote: > Probably better solution is to add a special field to the message - > digest value made by Pyzor. Then simple script (formail) could extract > the digest and report digest to server. Hrm, good idea... > However, I do not know if new pyzor supports specifying digest on a > command line. Not yet, but that's definitely going in, because it really helps testing. -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Roman S. <rn...@on...> - 2003-09-14 09:24:30
|
On Fri, 12 Sep 2003, Frank Tobin wrote: >Mr Nick Stefanisko, on 2003-09-12, wrote: > >> I recently installed Spamassassin and Pyzor on my >> Linux box and am now wanting to report spam that is >> getting through. What I did was to set up a mail alias >> to "|pyzor report" and then forwarded the message to >> that alias. > >> So my questions are: >> >> 1) does that work, if not, how should I set this up? >> 3) does pyzor realize that when I forward it a >> message, the origional message didn't come from me and >> doesn't really contain all those > marks or other such >> Fwd: side effects? > >Nope. See answer to 1). Unfortunately, most forwards alter the message >in unrecoverable ways. Only a forward through an attachment would keep it >safe. However, if you do that, you then need to have your mail alias know >how to extract the attachment (not very hard; I think I've posted a simple >python script to do it here before; I can recreate it if you need one.) > >Does anyone know of the ability of MUA's to forward as attachments? I've >looked in Pine, but it doesn't seem to support it :( At least we have >'Bounce' as a fallback. Probably better solution is to add a special field to the message - digest value made by Pyzor. Then simple script (formail) could extract the digest and report digest to server. However, I do not know if new pyzor supports specifying digest on a command line. Please note that Sendmail (or other MTA) could also alter a message! Sincerely yours, Roman Suzi -- rn...@on... =\= My AI powered by GNU/Linux RedHat 7.3 |
|
From: Frank T. <ft...@ne...> - 2003-09-12 19:43:41
|
Mr Nick Stefanisko, on 2003-09-12, wrote: > I recently installed Spamassassin and Pyzor on my > Linux box and am now wanting to report spam that is > getting through. What I did was to set up a mail alias > to "|pyzor report" and then forwarded the message to > that alias. > So my questions are: > > 1) does that work, if not, how should I set this up? No, it will likely not work, because your MUA probably altertered the message when you forwarded it (e.g., it is not an exact resend). If your MUA has a command like Pine's 'Bounce', then this would resend with no changes to teh body. > 2) do I need an account on the server that was > configured via "discover"? Not for report or checking messages. > 3) does pyzor realize that when I forward it a > message, the origional message didn't come from me and > doesn't really contain all those > marks or other such > Fwd: side effects? Nope. See answer to 1). Unfortunately, most forwards alter the message in unrecoverable ways. Only a forward through an attachment would keep it safe. However, if you do that, you then need to have your mail alias know how to extract the attachment (not very hard; I think I've posted a simple python script to do it here before; I can recreate it if you need one.) Does anyone know of the ability of MUA's to forward as attachments? I've looked in Pine, but it doesn't seem to support it :( At least we have 'Bounce' as a fallback. -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Mr N. S. <nic...@ya...> - 2003-09-12 19:29:13
|
I recently installed Spamassassin and Pyzor on my Linux box and am now wanting to report spam that is getting through. What I did was to set up a mail alias to "|pyzor report" and then forwarded the message to that alias. So my questions are: 1) does that work, if not, how should I set this up? 2) do I need an account on the server that was configured via "discover"? 3) does pyzor realize that when I forward it a message, the origional message didn't come from me and doesn't really contain all those > marks or other such Fwd: side effects? --Nick __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com |
|
From: Mike K. (2) <Jun...@ra...> - 2003-09-10 01:30:52
|
Not a problem at all, I apologize for misinterpreting your responses. Mike -----Original Message----- From: Jesus Cea Avion [mailto:jc...@ar...] Sent: Tuesday, September 09, 2003 9:18 PM To: pyz...@li... Subject: Re: Reusable PYZOR Components? > This is as at the SMTP level where the message are coming in realtime > for a site wide spam filtering setup. SpamAssassin marks which tests > it hits, so I was able to go back through the last weeks spam. I see. Thanks. I supposed you was re-running old already received email thru pyzor to get the 25% figure. I stand corrected. > Honestly, if you don't want feed back to your questions > from people, don't post to a public list, instead post them directly > to the maintainer. Hopefully it is a poor command of the English > language that makes your responses come off so sarcastically. Sorry if my message seemed rude. It was not my intention. I was thinking aloud. I apologize. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ pyzor-users mailing list pyz...@li... https://lists.sourceforge.net/lists/listinfo/pyzor-users |
|
From: Jesus C. A. <jc...@ar...> - 2003-09-10 01:18:20
|
> This is as at the SMTP level where the message are coming in realtime > for a site wide spam filtering setup. SpamAssassin marks which tests > it hits, so I was able to go back through the last weeks spam. I see. Thanks. I supposed you was re-running old already received email thru pyzor to get the 25% figure. I stand corrected. > Honestly, if you don't want feed back to your questions > from people, don't post to a public list, instead post them directly > to the maintainer. Hopefully it is a poor command of the English > language that makes your responses come off so sarcastically. Sorry if my message seemed rude. It was not my intention. I was thinking aloud. I apologize. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz |
|
From: Mike K. (2) <Jun...@ra...> - 2003-09-10 01:05:58
|
I guess you're assuming I use this to check my POP3 account for my ISP email account or something similar? This is as at the SMTP level where the message are coming in realtime for a site wide spam filtering setup. SpamAssassin marks which tests it hits, so I was able to go back through the last weeks spam. Honestly, if you don't want feed back to your questions from people, don't post to a public list, instead post them directly to the maintainer. Hopefully it is a poor command of the English language that makes your responses come off so sarcastically. -----Original Message----- From: Jesus Cea Avion [mailto:jc...@ar...] Sent: Tuesday, September 09, 2003 8:34 PM Cc: 'pyz...@li...' Subject: Re: Reusable PYZOR Components? "Mike Kuentz (2)" wrote: > > Sorry about that! Have to learn to read. I use Pyzor out of > SpamAssassin. I ran a check out of what has been marked as spam by > SpamAssassin, and Pyzor recognized about 1/4 of it. This was against > about 25,000 email messages. So, if SA were perfect, Pyzor would be 25% effective. This is "a posteriori" setup, where you check old email. As Frank Tobin comments, if you check "realtime incomming" mail, I'd expect a lower value. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ pyzor-users mailing list pyz...@li... https://lists.sourceforge.net/lists/listinfo/pyzor-users |
|
From: Jesus C. A. <jc...@ar...> - 2003-09-10 00:34:27
|
"Mike Kuentz (2)" wrote: > > Sorry about that! Have to learn to read. I use Pyzor out of > SpamAssassin. I ran a check out of what has been marked as spam by > SpamAssassin, and Pyzor recognized about 1/4 of it. This was against > about 25,000 email messages. So, if SA were perfect, Pyzor would be 25% effective. This is "a posteriori" setup, where you check old email. As Frank Tobin comments, if you check "realtime incomming" mail, I'd expect a lower value. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz |
|
From: Jesus C. A. <jc...@ar...> - 2003-09-10 00:29:05
|
> Depending on when you run pyzor over the message makes a difference. > If you do it at the SMTP level, you'll be processing the message > likely before anyone has had the opportunity to report it, since > spammers tend to send a burst. Good point. Having easily reusable "components" could allow to integrate pyzor at the POP3 level, increasing the detection window };-). If I'm doing too much noise about this issue, please feel free to knock. > > How currently pyzor behaves with malicious users sending bogus > > hashes to contaminate the database?. > > Not very well. Fortunately, it hasn't been an issue. [...] Uhm... -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz |
|
From: Frank T. <ft...@ne...> - 2003-09-10 00:10:11
|
Jesus Cea Avion, on 2003-09-10, wrote:
> Any idea about the proportion of spam catched by pyzor?. In my case,
> from 720 messages received, 220 were spam. Of these, pyzor catches...
> only 53 :-(.
Depending on when you run pyzor over the message makes a difference. If
you do it at the SMTP level, you'll be processing the message likely
before anyone has had the opportunity to report it, since spammers tend to
send a burst.
> I get a lot of spam in Spanish, of course.
The fact that that spam is in Spanish makes little difference, I would
suspect. We all get a lot of spam in all languages.
> Soon, I'll use old abandoned email addresses targeted by spam to feed
> pyzor network.
Great. I know that a few others do the same, as well as myself. It helps
to trounce around such addresses on newsgroups.
> How currently pyzor behaves with malicious users sending bogus hashes to
> contaminate the database?.
Not very well. Fortunately, it hasn't been an issue. I must point out
that there three general types of false positives:
1) a legitimate bulk email (e.g., mailing list).
Recommended solution: this expected mail, so it can and should be
whitelisted, as its nature can be predicted.
2) a legitimate form mail (e.g., order receipt).
This is the hardest to handle sanely, since you might not know how to
whitelist this in advance. Additionally, it is likely very similar to
other messages that others received, with only a couple differing
characters, which might not make it into Pyzor's digest.
I can't recommend any very good specific solution for this.
3) a legitimate, unexpected private email.
Pyzor tries to get enough data from a message to get a unique digest,
so this should be a rare occurence.
There is an ability to whitelist, but on the public server, only
authorized users have the ability to whitelist. Nothing fancy.
--
Frank Tobin http://www.neverending.org/~ftobin/
|
|
From: Mike K. (2) <Jun...@ra...> - 2003-09-09 23:52:23
|
Sorry about that! Have to learn to read. I use Pyzor out of SpamAssassin. I ran a check out of what has been marked as spam by SpamAssassin, and Pyzor recognized about 1/4 of it. This was against about 25,000 email messages. Mike -----Original Message----- From: Jesus Cea Avion [mailto:jc...@ar...] Sent: Tuesday, September 09, 2003 4:47 PM Cc: pyz...@li... Subject: Re: Reusable PYZOR Components? > I don't know about FP percentages, but from experience I have seen a > couple of them. They mainly seem to be a message with no body and > only an jpeg/msword attachment. I'm asking for false negatives, not false positives, Mike :-). In 400 messages I've received already, I've seen a false positive. I'll talk to the user to clarify the event. False negatives are SPAM instances undetected. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ pyzor-users mailing list pyz...@li... https://lists.sourceforge.net/lists/listinfo/pyzor-users |
|
From: Jesus C. A. <jc...@ar...> - 2003-09-09 23:39:26
|
> Simply, false negatives will occur if noone has reported that message. Any idea about the proportion of spam catched by pyzor?. In my case, from 720 messages received, 220 were spam. Of these, pyzor catches... only 53 :-(. I get a lot of spam in Spanish, of course. > Additionally, in general, you have to be somewhat competent in writing > running scripts to assist in reporting, given the interface that pyzor > provides, reading RFC822 on stdin. My project integrating SpamBayes an Pyzor could help a lot here, I think. But I'd like to make some changes in pyzor code in order to make it more "reusable" outside "pyzor" and "pyzord" command line. Soon, I'll use old abandoned email addresses targeted by spam to feed pyzor network. How currently pyzor behaves with malicious users sending bogus hashes to contaminate the database?. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz |
|
From: Frank T. <ft...@ne...> - 2003-09-09 23:23:53
|
Jesus Cea Avion, on 2003-09-09, wrote: > I'm asking for false negatives, not false positives, Mike :-). In 400 > messages I've received already, I've seen a false positive. I'll talk to > the user to clarify the event. I misread your inquiry also, performing s/negative/positive/. Simply, false negatives will occur if noone has reported that message. Most people feed off the databaes, and don't report anything of their own, most likely due to the fact that SA likely doesn't encourage automatic reporting automatically (Razor had issues with this in the past). Additionally, in general, you have to be somewhat competent in writing running scripts to assist in reporting, given the interface that pyzor provides, reading RFC822 on stdin. For those who don't have raw access to their mailbox, instead using IMAP or POP3, reporting becomes difficult. Inversely, those with maildir or similar simple file-oriented email storage have a much easier time reporting batches of spam to the server. -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Frank T. <ft...@ne...> - 2003-09-09 23:02:27
|
Jesus Cea Avion, on 2003-09-09, wrote: > Is there any project to release a new pyzor version with more easy > object reuse?. I'd donate my changes if there is any interest. Not really; what sort of reuse did you have in mind? > BTW, any study about false negatives in pyzor?. Not that I know of. They're certainly possible, but easily mitigated in the vast majority of situations if you whitelist properly. -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Jesus C. A. <jc...@ar...> - 2003-09-09 20:47:46
|
> I don't know about FP percentages, but from experience I have seen a > couple of them. They mainly seem to be a message with no body and > only an jpeg/msword attachment. I'm asking for false negatives, not false positives, Mike :-). In 400 messages I've received already, I've seen a false positive. I'll talk to the user to clarify the event. False negatives are SPAM instances undetected. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jc...@ar... http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz |
|
From: Frank T. <ft...@ne...> - 2003-08-07 13:19:31
|
Jonathan Nichols, on 2003-08-06, wrote: > Uh oh. Does that mean I'm just plain outta luck? =/ Your spamd is only giving the first (useless) line of the traceback...try 'pyzor check < message' for some message. -- Frank Tobin http://www.neverending.org/~ftobin/ |
|
From: Roman S. <rn...@on...> - 2003-08-07 04:52:01
|
On Wed, 6 Aug 2003, Jonathan Nichols wrote: > Roman Suzi wrote: > > > Oh yes, and I forgot to tell that probably you have > > wrong line ends (CRLFs instead of just LFs) in pyzor script/modules - so > > unless you > > are using Python 2.3, you will get that message. > > > > Uh oh. Does that mean I'm just plain outta luck? =/ No. I tried to think why you were getting the errors. Pyzor is designed to work with >= 2.2.2, so everything else is fine. > jnichols@mailgate jnichols $ python -V > Python 2.2.3 > jnichols@mailgate jnichols $ Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:rn...@on... - |
|
From: Jonathan N. <jni...@pb...> - 2003-08-07 03:28:00
|
Roman Suzi wrote: > Oh yes, and I forgot to tell that probably you have > wrong line ends (CRLFs instead of just LFs) in pyzor script/modules - so > unless you > are using Python 2.3, you will get that message. > Uh oh. Does that mean I'm just plain outta luck? =/ jnichols@mailgate jnichols $ python -V Python 2.2.3 jnichols@mailgate jnichols $ |
|
From: Roman S. <rn...@on...> - 2003-08-06 05:24:50
|
Oh yes, and I forgot to tell that probably you have wrong line ends (CRLFs instead of just LFs) in pyzor script/modules - so unless you are using Python 2.3, you will get that message. On Tue, 5 Aug 2003, Jonathan Nichols wrote: > > > - find out where your Python 2 interpreter is > > (eg - /usr/bin/python ) > > > Check. > > > - set it explicitely in #!-line in pyzor > > > Done. > > > - check if Python has all libs included, for example: > > > > $ ldd /usr/bin/python > > libdl.so.2 => /lib/libdl.so.2 (0x4002b000) > > libpthread.so.0 => /lib/libpthread.so.0 (0x4002f000) > > libm.so.6 => /lib/libm.so.6 (0x40044000) > > libc.so.6 => /lib/libc.so.6 (0x40065000) > > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) > > > > root@mailgate jnichols # ldd /usr/bin/python > libdl.so.2 => /lib/libdl.so.2 (0x40017000) > libpthread.so.0 => /lib/libpthread.so.0 (0x4001b000) > libutil.so.1 => /lib/libutil.so.1 (0x4006b000) > libstdc++.so.5 => > /usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3/libstdc++.so.5 (0x4006e000) > libm.so.6 => /lib/libm.so.6 (0x4011d000) > libgcc_s.so.1 => > /usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3/libgcc_s.so.1 (0x4013f000) > libc.so.6 => /lib/libc.so.6 (0x40148000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) > root@mailgate jnichols # > > > Python hates me. =/ > Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:rn...@on... - |
|
From: Jonathan N. <jni...@pb...> - 2003-08-06 03:33:03
|
> - find out where your Python 2 interpreter is
> (eg - /usr/bin/python )
>
Check.
> - set it explicitely in #!-line in pyzor
>
Done.
> - check if Python has all libs included, for example:
>
> $ ldd /usr/bin/python
> libdl.so.2 => /lib/libdl.so.2 (0x4002b000)
> libpthread.so.0 => /lib/libpthread.so.0 (0x4002f000)
> libm.so.6 => /lib/libm.so.6 (0x40044000)
> libc.so.6 => /lib/libc.so.6 (0x40065000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
>
root@mailgate jnichols # ldd /usr/bin/python
libdl.so.2 => /lib/libdl.so.2 (0x40017000)
libpthread.so.0 => /lib/libpthread.so.0 (0x4001b000)
libutil.so.1 => /lib/libutil.so.1 (0x4006b000)
libstdc++.so.5 =>
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3/libstdc++.so.5 (0x4006e000)
libm.so.6 => /lib/libm.so.6 (0x4011d000)
libgcc_s.so.1 =>
/usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3/libgcc_s.so.1 (0x4013f000)
libc.so.6 => /lib/libc.so.6 (0x40148000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
root@mailgate jnichols #
Python hates me. =/
|
|
From: Jonathan N. <jni...@pb...> - 2003-08-06 03:31:57
|
> > What happens when you run 'pyzor ping'? > pyzor ping (and pyzor discover) both work.. jnichols@mailgate jnichols $ pyzor ping 66.92.49.157:24441 (200, 'OK') jnichols@mailgate jnichols $ root@mailgate jnichols # pyzor ping 66.92.49.157:24441 (200, 'OK') root@mailgate jnichols # |
9 messages has been excluded from this view by a project administrator.
