Attachment filters not working

For all users, who don't speak German!

Moderator: Forum-Team

Attachment filters not working

Beitragvon Psymon » 7. Jul 2014, 15:52

Hi there! This is my first post here... I recently upgraded to Win7 from WinXP (about two months ago) and have started to notice that I keep getting spam from Asia (usually) that includes attachments -- generally PDF and JPEG files -- which keep going through to my in-box instead of getting flagged as spam in Spamihilator. I have both the built-in attachment filter as well as the additional "attachment extensions" filter, and in both I've specified that any emails that contain PDFs or JPEGs (and a host of other file extensions) should be flagged as spam -- in fact, with the latter plugin, I've set it so that any emails with ANY kind of attachment should be marked as spam.

And yet, lately I keep getting all these annoying spam messages in my in-box anyway, and have to keep blocking the sender (I usually end up blocking the entire domain).

Is there an issue with these attachment filters if/when one is on Win7? I never had this problem before, when I was on WinXP.

Thanks in advance for any help/suggestions! :)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 20. Jul 2014, 13:26

Hi Psymon!

Welcome in the Spamihilator forum – and sorry for my late answer, owing to my awesome load of work at work …

It was very good to upgrade to Win7, for it is still too much rubbish in Win8, so it makes sense to use Win7 until Win9 comes.

I have a rule within my rule-filter which sieves mails containing an unusual character set, e.g. from asian countries, or which sieves mails from countries not listed in a list of usual top level domains.

If you want you may take my rules and import them into your Spamihilator. Please ask me for that, so I can support you to import them.

Concerning your question about the attachment filter, I would like to look into your settings to recognize the fault. Perhaps it lies in the filter sequence or the filter behaviour. Could you show this to me with screenshots?

Yours sincerely,
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 20. Jul 2014, 14:26

Hi Chactory!

Chactory hat geschrieben:I have a rule within my rule-filter which sieves mails containing an unusual character set, e.g. from asian countries, or which sieves mails from countries not listed in a list of usual top level domains.

If you want you may take my rules and import them into your Spamihilator. Please ask me for that, so I can support you to import them.

Concerning your question about the attachment filter, I would like to look into your settings to recognize the fault. Perhaps it lies in the filter sequence or the filter behaviour. Could you show this to me with screenshots?


Thanks very much for your reply! It's interesting that you mention the rule filter, because the next time one of those asian messages (with PDF and JPEG attachments) came through to my in-box, I checked in my training area and found that it was the rule filter that was letting it through. I'd never really looked at the settings for that filter, and discovered that there was a default setting for "Large non-spam mail", wherein it was set so that any "non-spam" mail greater than 1024k would be sent to my mail client.

I found that rather odd! I would have presumed that if I got a mail that didn't get caught by any other filter, but which came from a "non-friend" and was particularly large, that chances are it WOULD be spam, not "non-spam". Wouldn't you think so? So I actually changed that setting, and made it so that any non-spam mail that's larger than 100k that it be moved to the recycle bin (not sent along to my mail client).

Wouldn't that make more sense, than the default setting that spamihilator comes with?

Your comments/questions here also got me to take a closer look at my filter priorities, and I see that I had -- up until just now -- my rule filter set at #2 (out of 20 filters in all). I guess it would make more sense for the rule filter to be right at the very end -- or almost at the end, with the training area being the very last one -- and so that's where I've moved it down to now.

I presume that makes sense?

I'm not sure what screenshots you wanted -- do you still want them? A lot of the windows (like the attachment fileter, filter priorities, etc.) include scrolling parts that I wouldn't be able to get the whole thing of with a screenshot (unless I took a screenshot, scrolled down, took another screenshot, etc.).

I'm thinking, though, with my earlier change to the rule filter, and then moving it's priority down just now, that should hopefully do the trick. In fact, ever since I made that first change, I haven't had any more of those odd asian mails make it through to my mailer!

Cheers, Chactory! :)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 20. Jul 2014, 21:03

Hi Psymon!

Thank you for responding to my thoughts!

Indeed, the rule about large mails decides mails bigger than 1024 KB be non-spam. The idea behind this rule is that spammers (usually/always?) don’t send huge mails, for the capacity of their mail servers or bot computers would be overcharged. And contrarily, friends or collegues often send me mails with large attachments, notably office or pdf attachments.

Are you sure that those mails were spam-mails? It’s hard to believe that, but perhaps they are virus-contaminated? Could you provide me the source code of such a mail?

Usually, a mail from an unknown person not caught by any filter will be assessed as „unknown“ and transferred to the inbox of your mail client. I’m not sure, if your ideas about the rule filter and the filter sequence make sense, however, my own settings are as shown in the screenshot:
Zwischenablage03666.png
Zwischenablage03666.png (27.89 KiB) 18655-mal betrachtet

Please let me understand those peculiar mails from asia first, then talk again about possible settings.

Yours sincerely,
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 21. Jul 2014, 17:22

Chactory hat geschrieben:Please let me understand those peculiar mails from asia first, then talk again about possible settings.


As best I can remember, they were basically all in chinese -- or some other asian language -- and since I haven't installed support for asian characters on my computer it just comes out all "weird", of course. I'm surprised that the "mystic signs" filter didn't catch them, actually.

I wish I'd saved one of those messages now, but that's what they looked like, basically -- i.e. I have no idea what the email itself was "saying", but each message had an attached PDF and JPEG file. Despite any rule filter, surely the TWO attachment filters that I have should have stopped those emails from going through because of those? I do have both PDF and JPEG specified in both of those filters.

I'll try to keep an eye out for any other messages like that -- in fact, I'll put the rule filter back to the settings it was before, and hopefully another one will come along and go through to my mailer, and then I can just forward it along (assuming that's of interest). :)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 22. Jul 2014, 21:39

Hi Psymon!

Funny enough, I encencountered the same phenomenon – now I understand very easily the whole thing! :) Thank you very much for your note! :)

Header:
Code: Alles auswählen
Return-Path: <info@autoblog.ru>
Received: from autoblog.ru (autoblog.ru [82.146.40.43])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mtaig-aak05.mx.aol.com (Internet Inbound) with ESMTPS id 7352E70000089;
Sun, 20 Jul 2014 20:48:21 -0400 (EDT)
Received: from User (188.red.69.37.46.procono.es [46.37.69.188] (may be forged))
(authenticated bits=0)
by autoblog.ru (8.14.4/8.14.4) with ESMTP id s6L0XTxJ098841;
Mon, 21 Jul 2014 04:33:40 +0400 (MSD)
(envelope-from info@autoblog.ru)
Message-Id: <201407240033.s6L0XTxJ37462273@autoblog.ru>
From: "INTERNATIONAL LOTTERY"<info@autoblog.ru>
Subject: OFFIZIELLE MITTEILUNG
Date: Mon, 21 Jul 2014 01:34:45 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_009A_01C2A9A6.085BD018"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
To: undisclosed-recipients:;
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (autoblog.ru [82.146.40.43]); Mon, 21 Jul 2014 04:48:15 +0400 (MSD)
x-aol-global-disposition: S
X-AOL-VSS-INFO: 5600.1067/98281
X-AOL-VSS-CODE: clean
Authentication-Results: mx.aol.com;
spf=none (aol.com: the domain autoblog.ru appears to have no SPF Record.) smtp.mailfrom=autoblog.ru;
X-AOL-OVERRIDE-PIK-REASON: Y
X-AOL-REROUTE: YES
x-aol-sid: 3067ac6a02d998ff63556q8c
X-AOL-IP: 89.217.30.43
X-AOL-SPF: domain : autoblog.ru SPF : none
X-AVK-Virus-Check: AVA 24.3257;1B55C502
X-AVK-Spam-Check: 3;str=0001.0A0C0204.53CD7F59.0003,ss=3,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=3,cld=1,fgs=0;151DCC
This is a multi-part message in MIME format.

From: "INTERNATIONAL LOTTERY"<info@autoblog.ru>
Subject: OFFIZIELLE MITTEILUNG

Nachricht:
„Im Anhang finden Sie die Gewinnbenachrichtigung.
Bitte affnen Sie die Anlage, ist sicher und Scan-pdf.
Dank
Management“

The attachment contains 3901,31 KB – very large! The attachment is most likely a virus – don’t open for any purpose! Least of all for curiousity … ;)

Hmm … seems this is the end oft the large attachment rule … at least, we have to increase the value from 1024 to 4096 KB.

(Edit says: yes, it's the end ...;) see here. 05.08.2014, ~Chactory)

Cheers,
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 22. Jul 2014, 21:49

Chactory hat geschrieben:Hmm … seems this is the end oft the large attachment rule … at least, we have to increase the value from 1024 to 4096 KB.


Well, not for me, because I think I'll just change my settings for the rule filter back to what I'd changed them to before, i.e. so that any non-spam email that is more than 100k does NOT get sent to my mailer. I really don't understand your reasoning for doing it totally the other way -- that seems to invite spammers to send larger attachments. I have many websites, and and get a LOT of spam every day, and any "legitimate" inquiries from strangers are pretty much always via the contact forms on my sites (which are just plain text, no attachments) or else a simple text inquiry -- it's very, very unusual that a total stranger (who is "legitimate") would send me any sort of attachment.

Seriously, your default "rule" for the rule filter seems totally backwards from what, to me, makes much better sense. ;)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 22. Jul 2014, 21:54

Hello Psymon!

You're wellcome! I appreciate your idea of excluding mails with attachments not coming from senders in the friends list. Our primordial idea was like I described above, but your way of using the filters is very intelligent and viable!

Yours,
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 22. Jul 2014, 22:08

I'm glad I/we figured out what my original problem was, and if I somehow helped you, too, that's great! Cheers! :)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 22. Jul 2014, 22:16

Thank you very much, Psymon! :)
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Chactory » 5. Aug 2014, 12:23

Wow, the spammers don't shrink back from sending spam mails with attachments bigger than 4096 MB! I think that this is the definite expiration of the originally advantageous Large Attachment Rule ... :shock:
regelfilter grosser anhang.png
regelfilter grosser anhang.png (37.44 KiB) 18568-mal betrachtet
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 5. Aug 2014, 13:20

Hi Chactory!

Well, I never quite understood the rule anyway -- I mean, why would a total stranger be sending me a large attachment like that anyway, in the first place? I suppose it would be different if, say, I was running a contest for digital artists or something and was accepting submissions by email, but I don't do anything like that -- and no doubt most people don't -- so I never really understood why that rule was set like that in the first place. It just made more sense to instead automatically block any emails from strangers that came with attachments over, say, 100k or something (if not just block all emails with attachments of any size, in fact).

By the way, on a totally unrelated note, I have noticed another odd behaviour of the program. I recently upgraded from WinXP to Win7, and despite having Spamihilator set to always show up in the notification area (down by my clock), sometimes it just doesn't show up there -- although I know it's running, because I get my email no problem when I go check for it. If I go dig in my start menu and "start it up again" (even though it's obviously already running) then the icon shows up. And yes, I did check (each time, in fact) and my setting for that icon is to "Show icon and notifications", not just "Only show notifications". None of the other icons that I have set like that fail to show up -- it's only Spamihilator that does (or, rather, doesn't) sometimes. That never happened before on WinXP -- it's only on Win7.

Not that you need even more problems/bugs to deal with -- ha ha. ;)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Re: Attachment filters not working

Beitragvon Chactory » 6. Aug 2014, 21:41

Hi Psymon!

That was just the whole point! No spam-sender would invest such an amount of transfer volume in spam-mails. You could be sure: Any mail bigger than 1 MB must be NON-spam. But quite recently the spammers seem to be able to ignore questions of transfer volume.

Your rule is excellent, because it combines the expectation of receiving attachments with the frinds list. A disadvantage might be that you have to maintain your friends list very carefully.

Psymon hat geschrieben:… and despite having Spamihilator set to always show up in the notification area (down by my clock), sometimes it just doesn't show up there -- it's only on Win7.
Thank you for your note! I have changed my Windows setting the same way to watch this funny beaviour.
trayarea.png
trayarea.png (19.53 KiB) 18552-mal betrachtet

Cheers,
Chactory
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Chactory » 7. Aug 2014, 21:59

Until now, my little Spamihilator symbol did well, so I think I'm dependent on your description as detailed as possible ... :?
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: Attachment filters not working

Beitragvon Psymon » 7. Aug 2014, 22:15

Chactory hat geschrieben:Until now, my little Spamihilator symbol did well, so I think I'm dependent on your description as detailed as possible ... :?


It only happens rarely -- like, maybe a couple of times a month or something -- but I have no idea what causes it. None of my other icons (i.e. those in my "notificatino area", down where the clock is) seem to disappear like that on occasion, it's only the Spamihilator one that does it.

Oh well, maybe it's just a ghost playing games with me. ;)
Psymon
Power-User
Power-User
 
Beiträge: 9
Registriert: 7. Jul 2014, 15:37

Nächste

Zurück zu English Forum

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 2 Gäste

cron

 industrious-southeast