
SCv5 parsing


MIG

1 hour ago, Lking said:

With changes, I would suggest submitting unmodified data to see how the new parser works.  Without new examples there is no way how it works.

Hello Lking, thanks for replying:).

I have submitted both modified & unmodified data, end result, different, hence my question.

I've asked this question on others' posts, provided examples, no-one responded, hence this post - leading me to cogitate, which method is more accurate, more likely to produce the best outcome, i.e., get notifications sent to those responsible that will really pay attention & take action?

No modified source data, i.e. 1st (Received) not removed:

https://www.spamcop.net/sc?id=z6513927819z5a333033d60c15fe7dcbe967cc9c5977z

Modified source data, i.e. 1st (Received) removed:

https://www.spamcop.net/sc?id=z6513928242zd136d1f1635704ba07e5ae7794f427e6z

& a v5 general ?, do you know if there's any available v5 information/changes faq available please? If so where? Please!:)

Edited by MIG

5 hours ago, MIG said:

Hello Lking, thanks for replying:).

I have submitted both modified & unmodified data, end result, different, hence my question.

I've asked this question on others' posts, provided examples, no-one responded, hence this post - leading me to cogitate, which method is more accurate, more likely to produce the best outcome, i.e., get notifications sent to those responsible that will really pay attention & take action?

No modified source data, i.e. 1st (Received) not removed:

https://www.spamcop.net/sc?id=z6513927819z5a333033d60c15fe7dcbe967cc9c5977z

Modified source data, i.e. 1st (Received) removed:

https://www.spamcop.net/sc?id=z6513928242zd136d1f1635704ba07e5ae7794f427e6z

& a v5 general ?, do you know if there's any available v5 information/changes faq available please? If so where? Please!:)

I do wish as well, that parser changes could/would be posted, but that's up to Cisco/Talos to decide if a changelog or list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

That said/vented, see my latest post here:

3 hours ago, RobiBue said:

I do wish as well, that parser changes could/would be posted, but that's up to Cisco/Talos to decide if a changelog or list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

Hi RobiBue, I was thinking the exact same thing earlier today! It's a valid reason for keeping mum:)

 

3 hours ago, RobiBue said:

That said/vented, see my latest post here:

 

& your rationale/explanation provided on klappa's "Something wrong with Outlook reporting" post is deadly, as in perfect! Thanks:)

13 hours ago, RobiBue said:

list of fixes wouldn't compromise their secrecy in security and vulnerability holes that they want to keep hidden from us mere mortals.

Not sure "Us mere mortals" is the issue. It is all the spammers and trolls of this forum that would be the issue. They do seem to find the holes well enough without a menu.


If SpamCop can't parse do it yourself. Look for line
Authentication-Results: spf=none (sender IP is 209.85.128.68)

AND
Return-Path:
 noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me

Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])

So forward as attachment to network-abuse[AT]google.com

All you put in forwarded message is

Received
209.85.128.68   network-abuse[AT]google.com

Source
68.183.75.255    abuse[AT]digitalocean.com

digitalocean.com are known ratbags so also use their abuse page

https://www.digitalocean.com/company/contact/#abuse

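The manual header check described in the post above, as an added example that is not part of the original thread: it pulls the "sender IP is" value from Authentication-Results, the earliest publicly routable hop from the Received chain, and the Return-Path. The sample message is constructed; only the two IP addresses and the hostname are taken from the post, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers. Only the two IPs and the droplet hostname come
# from the post above; every other name, address and date is a placeholder.
SAMPLE = """\
Received: from relay.example.net (209.85.128.68) by mx.recipient.example
 with ESMTP; Thu, 17 Jan 2019 10:00:02 +0000
Authentication-Results: spf=none (sender IP is 209.85.128.68)
 smtp.mailfrom=sender.example
Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])
 by relay.example.net with ESMTP; Thu, 17 Jan 2019 10:00:01 +0000
Received: from localhost ([127.0.0.1]) by ubuntu-s-1vcpu-1gb-fra1-01;
 Thu, 17 Jan 2019 10:00:00 +0000
Return-Path: noreply@sender.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
SENDER_IP = re.compile(r"sender IP is (\d{1,3}(?:\.\d{1,3}){3})")

def public_ip(header_value):
    """First bracketed IPv4 literal that is publicly routable, else None."""
    for candidate in BRACKETED_IP.findall(header_value):
        try:
            if ipaddress.ip_address(candidate).is_global:
                return candidate
        except ValueError:  # e.g. 999.1.1.1 matched the pattern
            continue
    return None

def trace(raw_message):
    """Return the handoff IP, the earliest public hop and the Return-Path."""
    msg = message_from_string(raw_message)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    match = SENDER_IP.search(auth)
    # Received headers are prepended, so the last one is the oldest. Anything
    # below your own provider's header can be forged; treat it as a lead only.
    hops = [ip for ip in map(public_ip, msg.get_all("Received", [])) if ip]
    return {
        "handoff": match.group(1) if match else None,
        "source": hops[-1] if hops else None,
        "return_path": (msg.get("Return-Path") or "").strip(),
    }

if __name__ == "__main__":
    print(trace(SAMPLE))
```
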

9 hours ago, petzl said:

If SpamCop can't parse do it yourself. Look for line
Authentication-Results: spf=none (sender IP is 209.85.128.68)

AND
Return-Path:
 noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me

Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])

So forward as attachment to network-abuse[AT]google.com

All you put in forwarded message is

Received
209.85.128.68   network-abuse[AT]google.com

Source
68.183.75.255    abuse[AT]digitalocean.com

digitalocean.com are known ratbags so also use their abuse page

https://www.digitalocean.com/company/contact/#abuse

Thanks Petzl,

Outlook.live mail cannot be forwarded as an attachment.

It's not that SC can't parse the spam: with v5, my query was "do we still keep modifying/removing 1st 'received' line", & the answer, from SCA & SCF, is "yes".


On 1/18/2019 at 4:38 AM, Lking said:

Not sure "Us mere mortals" is the issue. It is all the spammers and trolls of this forum that would be the issue. They do seem to find the holes well enough without a menu.

What's new in v5? The important stuff, a full suite of emojis, 😀 yeah!!!

Edited by ANGEL

With the upgrade, I've noticed that the parser is coping better with processing spam arriving at Gmail. For a while, I've had to perform an edit similar to that required for Outlook/Hotmail, and this now seems to be unnecessary.
