Re: spam using animated gif

[Matthias Haegele <mhaegele@linuxrocks.dyndns.org>]

Micah Anderson schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthias Haegele wrote:
> > Mustafa Kutsal Ay schrieb:
> > > hi,
> > >
> > > after burning cpu`s to detect spam emails with embedded images ,
> > > spammers are now using another method   to send images in animated gif
> > > format .( as you probably have received such emails)
> > > this way the first frame of the animated gif image is just random lines.
> > >
> > > anyone has an idea to detect that kind of emails
> > keyword "fuzzyocr" (SA plugin).
> >
> > http://www.rulesemporium.com/
> > might help too.
>
> Hi,
>
> I looked on rulesemporium and I didn't see fuzzyocr. I looked under the
> SARE rules and the Other rules, but nothing :(

SARE RULES:
i would suggest the sare_rules (rulesdujour etc.) cause some of them
hit ".gif images" too:
> 0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
>  1.7 SARE_GIF_STOX          Inline Gif with little HTML

but there is no direct link to fuzzyocr ...

--------------------
fuzzyocr:

the keyword "fuzzyocr" in google ;-) ...

http://users.own-hero.net/~decoder/fuzzyocr/
http://users.own-hero.net/~decoder/
http://wiki.apache.org/spamassassin/FuzzyOcr

> Micah

Greetings & hth
MH